Vulnerabilities > Cesanta > Mongoose > 6.7

DATE CVE VULNERABILITY TITLE RISK
2023-06-23 CVE-2023-34188 Unspecified vulnerability in Cesanta Mongoose
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers.
network
low complexity
cesanta
7.5
2022-02-18 CVE-2022-25299 Files or Directories Accessible to External Parties vulnerability in Cesanta Mongoose
This affects the package cesanta/mongoose before 7.6.
network
low complexity
cesanta CWE-552
5.0
2021-02-08 CVE-2021-26529 Out-of-bounds Write vulnerability in Cesanta Mongoose
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
network
low complexity
cesanta CWE-787
6.4
2019-06-24 CVE-2019-12951 Out-of-bounds Write vulnerability in Cesanta Mongoose
An issue was discovered in Mongoose before 6.15.
network
low complexity
cesanta CWE-787
7.5
2019-06-10 CVE-2018-20356 Use After Free vulnerability in Cesanta Mongoose
An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
network
low complexity
cesanta CWE-416
7.5
2019-06-10 CVE-2018-20355 Use After Free vulnerability in Cesanta Mongoose
An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
network
low complexity
cesanta CWE-416
7.5
2019-06-10 CVE-2018-20354 Use After Free vulnerability in Cesanta Mongoose
An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
network
low complexity
cesanta CWE-416
7.5
2019-06-10 CVE-2018-20353 Use After Free vulnerability in Cesanta Mongoose
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
network
low complexity
cesanta CWE-416
7.5