Vulnerabilities > CVE-2018-20352 - Use After Free vulnerability in Cesanta Mongoose Embedded web Server Library

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

Vulnerable Configurations

Part Description Count
Application
Cesanta
31

Common Weakness Enumeration (CWE)