Cesanta

Mongoose

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7

CVE-2024-42385

  • EPSS 0.04%
  • Veröffentlicht 18.11.2024 10:15:07
  • Zuletzt bearbeitet 19.11.2024 17:54:31

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.

7.5

CVE-2024-42386

  • EPSS 0.22%
  • Veröffentlicht 18.11.2024 10:15:07
  • Zuletzt bearbeitet 19.11.2024 17:52:44

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

5.3

CVE-2024-42388

  • EPSS 0.24%
  • Veröffentlicht 18.11.2024 10:15:07
  • Zuletzt bearbeitet 19.11.2024 17:51:24

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

7.5

CVE-2024-42384

  • EPSS 0.17%
  • Veröffentlicht 18.11.2024 10:15:06
  • Zuletzt bearbeitet 07.11.2025 16:15:22

Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

9.8

CVE-2024-42383

  • EPSS 0.17%
  • Veröffentlicht 18.11.2024 10:15:06
  • Zuletzt bearbeitet 19.11.2024 17:55:22

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.

7.5

CVE-2024-35492

  • EPSS 0.07%
  • Veröffentlicht 29.05.2024 20:15:13
  • Zuletzt bearbeitet 21.11.2024 09:20:21

Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet.

8.8

CVE-2020-25887

Exploit
  • EPSS 0.23%
  • Veröffentlicht 22.08.2023 19:16:19
  • Zuletzt bearbeitet 21.11.2024 05:18:58

Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.

8.8

CVE-2023-2905

Exploit
  • EPSS 0.24%
  • Veröffentlicht 09.08.2023 05:15:40
  • Zuletzt bearbeitet 21.11.2024 07:59:32

Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the defaul...

7.5

CVE-2023-34188

  • EPSS 0.11%
  • Veröffentlicht 23.06.2023 20:15:09
  • Zuletzt bearbeitet 28.02.2025 13:15:26

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does ...

7.5

CVE-2022-25299

Exploit
  • EPSS 0.35%
  • Veröffentlicht 18.02.2022 13:15:08
  • Zuletzt bearbeitet 21.11.2024 06:51:57

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.