Vulnerabilities > Cesanta > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-18 | CVE-2024-42383 | Unspecified vulnerability in Cesanta Mongoose Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field. | 9.8 |
| 2023-12-20 | CVE-2023-50044 | Classic Buffer Overflow vulnerability in Cesanta MJS 2.22.0 Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. | 9.8 |
| 2023-09-23 | CVE-2023-43338 | Out-of-bounds Write vulnerability in Cesanta MJS 2.20.0 Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). | 9.8 |
| 2022-05-03 | CVE-2021-27425 | Unspecified vulnerability in Cesanta Mongoose OS 2.17.0 Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. | 9.8 |
| 2021-04-29 | CVE-2021-31875 | Off-by-one Error vulnerability in Cesanta Mongooseos MJS 1.26 In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. | 9.8 |
| 2021-02-08 | CVE-2021-26530 | Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0 The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | 9.1 |
| 2021-02-08 | CVE-2021-26529 | Out-of-bounds Write vulnerability in Cesanta Mongoose The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | 9.1 |
| 2021-02-08 | CVE-2021-26528 | Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0 The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | 9.1 |
| 2020-09-18 | CVE-2020-25756 | Classic Buffer Overflow vulnerability in Cesanta Mongoose 6.18 A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. | 9.8 |
| 2019-11-26 | CVE-2019-19307 | Infinite Loop vulnerability in Cesanta Mongoose 6.16 An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet. | 9.8 |