Cesanta Mongoose

9 matches found

Added 2019/07/11 2:15 a.m., 165 views

CVE-2019-13503

mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read.

CVSS 7.5 | AI score 7.6 | EPSS 0.00334

Added 2023/06/23 8:15 p.m., 67 views

CVE-2023-34188

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.

CVSS 7.5 | AI score 7.4 | EPSS 0.00081

Added 2024/05/29 8:15 p.m., 60 views

CVE-2024-35492

Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet.

CVSS 7.5 | AI score 7.3 | EPSS 0.00059

Added 2018/06/19 9:29 p.m., 53 views

CVE-2018-10945

The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.

CVSS 7.5 | AI score 7.4 | EPSS 0.00652

Added 2017/11/07 4:29 p.m., 51 views

CVE-2017-2909

An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability.

CVSS 7.8 | AI score 7.2 | EPSS 0.00368

Added 2017/11/07 4:29 p.m., 48 views

CVE-2017-2893

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over ...

CVSS 7.5 | AI score 7.2 | EPSS 0.05265

Added 2024/11/18 10:15 a.m., 44 views

CVE-2024-42384

Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

CVSS 7.5 | AI score 7.5 | EPSS 0.00123

Added 2024/11/18 10:15 a.m., 44 views

CVE-2024-42385

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows triggering an out-of-bounds memory write if the PEM certificate contains unexpected characters.

CVSS 7 | AI score 4.6 | EPSS 0.00016

Added 2024/11/18 10:15 a.m., 44 views

CVE-2024-42392

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows triggering an infinite loop bug if the input string contains unexpected characters.

CVSS 7.5 | AI score 4.7 | EPSS 0.00042