Mongoose Security Vulnerabilities and Issues — Mongoose CVE List

Lucene search

CesantaMongoose

4 matches found

CVE•added 2017/11/07 4:29 p.m.•52 views

CVE-2017-2895

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker n...

8.2CVSS7.7AI score0.00376EPSS

CVE•added 2024/11/18 10:15 a.m.•44 views

CVE-2024-42386

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

8.2CVSS7.8AI score0.00123EPSS

CVE•added 2023/08/09 5:15 a.m.•34 views

CVE-2023-2905

Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not a...

8.8CVSS8.7AI score0.00243EPSS

CVE•added 2023/08/22 7:16 p.m.•26 views

CVE-2020-25887

Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.

8.8CVSS8.7AI score0.00226EPSS