Vulnerabilities > CVE-2019-19307 - Infinite Loop vulnerability in Cesanta Mongoose 6.16

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cesanta

CWE-835

NVD

Published: 2019-11-26

Updated: 2020-08-24

Summary

An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet.

Vulnerable Configurations

Part	Description	Count
Application	Cesanta Cesanta Mongoose 6.16	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://github.com/cesanta/mongoose/issues/1055