Vulnerabilities > CVE-2023-2905 - Out-of-bounds Write vulnerability in Cesanta Mongoose 7.10

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

cesanta

CWE-787

NVD

Published: 2023-08-09

Updated: 2023-08-16

Summary

Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.

Vulnerable Configurations

Part	Description	Count
Application	Cesanta Cesanta Mongoose 7.10	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/cesanta/mongoose/pull/2274
https://takeonme.org/cves/CVE-2023-2905.html
https://github.com/cesanta/mongoose/releases/tag/7.11