Cesanta

Mongoose

47 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-12951

  • EPSS 0.46%
  • Veröffentlicht 24.06.2019 23:15:12
  • Zuletzt bearbeitet 21.11.2024 04:23:53

An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.

9.8

CVE-2018-20353

Exploit
  • EPSS 2.68%
  • Veröffentlicht 10.06.2019 17:29:02
  • Zuletzt bearbeitet 21.11.2024 04:01:18

An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash)...

9.8

CVE-2018-20354

Exploit
  • EPSS 2.68%
  • Veröffentlicht 10.06.2019 17:29:02
  • Zuletzt bearbeitet 21.11.2024 04:01:18

An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or...

9.8

CVE-2018-20355

Exploit
  • EPSS 2.68%
  • Veröffentlicht 10.06.2019 17:29:02
  • Zuletzt bearbeitet 21.11.2024 04:01:18

An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote...

9.8

CVE-2018-20356

Exploit
  • EPSS 2.68%
  • Veröffentlicht 10.06.2019 17:29:02
  • Zuletzt bearbeitet 21.11.2024 04:01:18

An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote ...

6.5

CVE-2018-19587

Exploit
  • EPSS 0.29%
  • Veröffentlicht 27.11.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:14

In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.

9.1

CVE-2018-18765

Exploit
  • EPSS 0.38%
  • Veröffentlicht 29.10.2018 12:29:10
  • Zuletzt bearbeitet 21.11.2024 03:56:33

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an a...

9.1

CVE-2018-18764

Exploit
  • EPSS 0.38%
  • Veröffentlicht 29.10.2018 12:29:10
  • Zuletzt bearbeitet 21.11.2024 03:56:33

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbit...

7.5

CVE-2018-10945

Exploit
  • EPSS 0.65%
  • Veröffentlicht 19.06.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:21

The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.

9.8

CVE-2017-2922

Exploit
  • EPSS 2.71%
  • Veröffentlicht 07.11.2017 16:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-fr...