VYPR

Mongoose Web Server

by Cesanta

CVEs (12)

  • CVE-2021-26529CriFeb 8, 2021
    risk 0.59cvss 9.1epss 0.01

    The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

  • CVE-2021-26528CriFeb 8, 2021
    risk 0.59cvss 9.1epss 0.01

    The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

  • CVE-2024-42386HigNov 18, 2024
    risk 0.53cvss 8.2epss 0.00

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

  • CVE-2024-42384HigNov 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

  • CVE-2024-42389MedNov 18, 2024
    risk 0.34cvss 5.3epss 0.00

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

  • CVE-2024-42388MedNov 18, 2024
    risk 0.34cvss 5.3epss 0.00

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

  • CVE-2024-42387MedNov 18, 2024
    risk 0.34cvss 5.3epss 0.00

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

  • CVE-2024-42391MedNov 18, 2024
    risk 0.28cvss 4.3epss 0.00

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

  • CVE-2024-42390MedNov 18, 2024
    risk 0.28cvss 4.3epss 0.00

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

  • CVE-2024-42383MedNov 18, 2024
    risk 0.27cvss 4.2epss 0.00

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.

  • CVE-2024-42392MedNov 18, 2024
    risk 0.26cvss 4.0epss 0.00

    Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.

  • CVE-2024-42385MedNov 18, 2024
    risk 0.26cvss 4.0epss 0.00

    Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.