Vulnerabilities > CVE-2018-20352 - Use After Free vulnerability in Cesanta Mongoose Embedded web Server Library

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cesanta

CWE-416

NVD

Published: 2019-06-10

Updated: 2024-11-21

Summary

Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Cesanta Cesanta Mongoose Embedded WEB Server Library 3.2 Cesanta Mongoose Embedded WEB Server Library 3.3 Cesanta Mongoose Embedded WEB Server Library 3.4 Cesanta Mongoose Embedded WEB Server Library 3.5 Cesanta Mongoose Embedded WEB Server Library 3.6 Cesanta Mongoose Embedded WEB Server Library 3.7 Cesanta Mongoose Embedded WEB Server Library 3.8 Cesanta Mongoose Embedded WEB Server Library 4.0 Cesanta Mongoose Embedded WEB Server Library 4.1 Cesanta Mongoose Embedded WEB Server Library 5.0 Cesanta Mongoose Embedded WEB Server Library 5.1 Cesanta Mongoose Embedded WEB Server Library 5.2 Cesanta Mongoose Embedded WEB Server Library 5.3 Cesanta Mongoose Embedded WEB Server Library 5.4 Cesanta Mongoose Embedded WEB Server Library 5.5 Cesanta Mongoose Embedded WEB Server Library 5.5_20140120 Cesanta Mongoose Embedded WEB Server Library 5.6 Cesanta Mongoose Embedded WEB Server Library 6.0 Cesanta Mongoose Embedded WEB Server Library 6.1 Cesanta Mongoose Embedded WEB Server Library 6.2 Cesanta Mongoose Embedded WEB Server Library 6.3 Cesanta Mongoose Embedded WEB Server Library 6.4 Cesanta Mongoose Embedded WEB Server Library 6.5 Cesanta Mongoose Embedded WEB Server Library 6.6 Cesanta Mongoose Embedded WEB Server Library 6.7 Cesanta Mongoose Embedded WEB Server Library 6.8 Cesanta Mongoose Embedded WEB Server Library 6.9 Cesanta Mongoose Embedded WEB Server Library 6.10 Cesanta Mongoose Embedded WEB Server Library 6.11 Cesanta Mongoose Embedded WEB Server Library 6.12 Cesanta Mongoose Embedded WEB Server Library 6.13	31

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References