Vulnerabilities > Cesanta > Mongoose > 6.18

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2020-25887 Classic Buffer Overflow vulnerability in Cesanta Mongoose 6.18
Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.
network
low complexity
cesanta CWE-120
8.8
2023-06-23 CVE-2023-34188 Unspecified vulnerability in Cesanta Mongoose
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers.
network
low complexity
cesanta
7.5
2022-02-18 CVE-2022-25299 Files or Directories Accessible to External Parties vulnerability in Cesanta Mongoose
This affects the package cesanta/mongoose before 7.6.
network
low complexity
cesanta CWE-552
5.0
2021-02-08 CVE-2021-26529 Out-of-bounds Write vulnerability in Cesanta Mongoose
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
network
low complexity
cesanta CWE-787
6.4
2020-09-18 CVE-2020-25756 Classic Buffer Overflow vulnerability in Cesanta Mongoose 6.18
A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking.
network
low complexity
cesanta CWE-120
critical
9.8