Vulnerabilities > Cesanta > Mongoose
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2020-25887 | Classic Buffer Overflow vulnerability in Cesanta Mongoose 6.18 Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. | 8.8 |
| 2023-08-09 | CVE-2023-2905 | Out-of-bounds Write vulnerability in Cesanta Mongoose 7.10 Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. | 8.8 |
| 2023-06-23 | CVE-2023-34188 | Unspecified vulnerability in Cesanta Mongoose The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. | 7.5 |
| 2022-02-18 | CVE-2022-25299 | Files or Directories Accessible to External Parties vulnerability in Cesanta Mongoose This affects the package cesanta/mongoose before 7.6. | 7.5 |
| 2021-02-08 | CVE-2021-26530 | Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0 The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | 9.1 |
| 2021-02-08 | CVE-2021-26529 | Out-of-bounds Write vulnerability in Cesanta Mongoose The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | 9.1 |
| 2021-02-08 | CVE-2021-26528 | Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0 The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | 9.1 |
| 2020-09-18 | CVE-2020-25756 | Classic Buffer Overflow vulnerability in Cesanta Mongoose 6.18 A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. | 9.8 |
| 2019-11-26 | CVE-2019-19307 | Infinite Loop vulnerability in Cesanta Mongoose 6.16 An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet. | 9.8 |
| 2019-07-11 | CVE-2019-13503 | Out-of-bounds Read vulnerability in Cesanta Mongoose 6.15 mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. | 7.5 |