Mongoose@6.8 Security Vulnerabilities and Issues — Mongoose@6.8 CVE List

Lucene search

CesantaMongoose6.8

8 matches found

CVE•added 2017/11/07 4:29 p.m.•63 views

CVE-2017-2891

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request ove...

9.8CVSS9.6AI score0.02937EPSS

CVE•added 2017/11/07 4:29 p.m.•62 views

CVE-2017-2921

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An at...

9.8CVSS9.8AI score0.02149EPSS

CVE•added 2017/11/07 4:29 p.m.•56 views

CVE-2017-2894

An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over ...

9.8CVSS9.7AI score0.12155EPSS

CVE•added 2017/11/07 4:29 p.m.•53 views

CVE-2017-2922

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achiev...

9.8CVSS9.8AI score0.02712EPSS

CVE•added 2017/11/07 4:29 p.m.•52 views

CVE-2017-2895

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker n...

8.2CVSS7.7AI score0.00376EPSS

CVE•added 2017/11/07 4:29 p.m.•51 views

CVE-2017-2909

An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability.

7.8CVSS7.2AI score0.00368EPSS

CVE•added 2017/11/07 4:29 p.m.•48 views

CVE-2017-2893

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over ...

7.5CVSS7.2AI score0.05265EPSS

CVE•added 2017/11/07 4:29 p.m.•47 views

CVE-2017-2892

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code e...

9.8CVSS9.5AI score0.02479EPSS