Vulnerabilities > Cesanta > Mongoose > 7.0

DATE CVE VULNERABILITY TITLE RISK
2023-06-23 CVE-2023-34188 Unspecified vulnerability in Cesanta Mongoose
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers.
network
low complexity
cesanta
7.5
2022-02-18 CVE-2022-25299 Files or Directories Accessible to External Parties vulnerability in Cesanta Mongoose
This affects the package cesanta/mongoose before 7.6.
network
low complexity
cesanta CWE-552
5.0
2021-02-08 CVE-2021-26530 Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
network
low complexity
cesanta CWE-787
6.4
2021-02-08 CVE-2021-26529 Out-of-bounds Write vulnerability in Cesanta Mongoose
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
network
low complexity
cesanta CWE-787
6.4
2021-02-08 CVE-2021-26528 Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
network
low complexity
cesanta CWE-787
6.4