Cesanta

Mongoose

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.7

CVE-2026-2968

Exploit
  • EPSS 0.01%
  • Veröffentlicht 23.02.2026 03:02:07
  • Zuletzt bearbeitet 23.02.2026 20:17:23

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verificatio...

3.7

CVE-2026-2967

Exploit
  • EPSS 0.15%
  • Veröffentlicht 23.02.2026 02:32:07
  • Zuletzt bearbeitet 23.02.2026 20:17:44

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a c...

3.7

CVE-2026-2966

Exploit
  • EPSS 0.11%
  • Veröffentlicht 23.02.2026 02:02:08
  • Zuletzt bearbeitet 23.02.2026 20:18:06

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insuffici...

4.3

CVE-2025-65502

Exploit
  • EPSS 0.15%
  • Veröffentlicht 24.11.2025 00:00:00
  • Zuletzt bearbeitet 12.12.2025 13:32:49

Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL.

7.5

CVE-2025-51495

Exploit
  • EPSS 0.26%
  • Veröffentlicht 29.09.2025 17:15:31
  • Zuletzt bearbeitet 16.10.2025 17:00:47

An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly...

7.5

CVE-2024-42392

  • EPSS 0.08%
  • Veröffentlicht 18.11.2024 10:15:08
  • Zuletzt bearbeitet 19.11.2024 17:55:51

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.

5.3

CVE-2024-42391

  • EPSS 0.24%
  • Veröffentlicht 18.11.2024 10:15:08
  • Zuletzt bearbeitet 19.11.2024 17:50:36

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

5.3

CVE-2024-42390

  • EPSS 0.24%
  • Veröffentlicht 18.11.2024 10:15:08
  • Zuletzt bearbeitet 19.11.2024 17:50:51

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

5.3

CVE-2024-42389

  • EPSS 0.24%
  • Veröffentlicht 18.11.2024 10:15:08
  • Zuletzt bearbeitet 19.11.2024 17:51:10

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

5.3

CVE-2024-42387

  • EPSS 0.24%
  • Veröffentlicht 18.11.2024 10:15:07
  • Zuletzt bearbeitet 19.11.2024 17:51:41

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.