Vulnerabilities > CVE-2019-19307 - Infinite Loop vulnerability in Cesanta Mongoose 6.16

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cesanta

CWE-835

critical

NVD

Published: 2019-11-26

Updated: 2024-11-21

Summary

An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet.

Vulnerable Configurations

Part	Description	Count
Application	Cesanta Cesanta Mongoose 6.16	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://github.com/cesanta/mongoose/issues/1055
https://github.com/cesanta/mongoose/issues/1055