Mongoose@* Security Vulnerabilities and Issues — Mongoose@* CVE List

Lucene search

CesantaMongoose*

5 matches found

CVE•added 2019/06/24 11:15 p.m.•69 views

CVE-2019-12951

An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.

9.8CVSS9.5AI score0.00459EPSS

CVE•added 2019/06/10 5:29 p.m.•42 views

CVE-2018-20355

An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

9.8CVSS9.7AI score0.02678EPSS

CVE•added 2019/06/10 5:29 p.m.•40 views

CVE-2018-20353

An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

9.8CVSS9.6AI score0.02678EPSS

CVE•added 2019/06/10 5:29 p.m.•39 views

CVE-2018-20356

An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

9.8CVSS9.6AI score0.02678EPSS

CVE•added 2019/06/10 5:29 p.m.•38 views

CVE-2018-20354

An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

9.8CVSS9.6AI score0.02678EPSS