VYPR

Mongoose Embedded Web Server Library

by Cesanta

CVEs (10)

  • CVE-2017-11567 | High | Sep 7, 2017
    risk 0.61 | cvss 8.8 | epss 0.04

    Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code…

  • CVE-2017-7185 | High | Apr 10, 2017
    risk 0.53 | cvss 7.5 | epss 0.12

    Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data…

  • CVE-2018-10945 | High | Jun 19, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.

  • CVE-2018-20356 | Jun 10, 2019
    risk 0.00 | cvss | epss 0.04

    An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

  • CVE-2018-20355 | Jun 10, 2019
    risk 0.00 | cvss | epss 0.04

    An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

  • CVE-2018-20354 | Jun 10, 2019
    risk 0.00 | cvss | epss 0.04

    An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

  • CVE-2018-20352 | Jun 10, 2019
    risk 0.00 | cvss | epss 0.03

    Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

  • CVE-2018-19587 | Nov 27, 2018
    risk 0.00 | cvss | epss 0.01

    In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.

  • CVE-2018-18765 | Oct 28, 2018
    risk 0.00 | cvss | epss 0.02

    An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory…

  • CVE-2018-18764 | Oct 28, 2018
    risk 0.00 | cvss | epss 0.02

    An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory…