Mongoose Web Server
by Cesanta
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26529 | Cri | 0.59 | 9.1 | 0.01 | Feb 8, 2021 | The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||
| CVE-2021-26528 | Cri | 0.59 | 9.1 | 0.01 | Feb 8, 2021 | The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||
| CVE-2024-42386 | Hig | 0.53 | 8.2 | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | ||
| CVE-2024-42384 | Hig | 0.49 | 7.5 | 0.00 | Nov 18, 2024 | Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | ||
| CVE-2024-42389 | Med | 0.34 | 5.3 | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||
| CVE-2024-42388 | Med | 0.34 | 5.3 | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||
| CVE-2024-42387 | Med | 0.34 | 5.3 | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||
| CVE-2024-42391 | Med | 0.28 | 4.3 | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||
| CVE-2024-42390 | Med | 0.28 | 4.3 | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||
| CVE-2024-42383 | Med | 0.27 | 4.2 | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field. | ||
| CVE-2024-42392 | Med | 0.26 | 4.0 | 0.00 | Nov 18, 2024 | Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters. | ||
| CVE-2024-42385 | Med | 0.26 | 4.0 | 0.00 | Nov 18, 2024 | Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters. |
- risk 0.59cvss 9.1epss 0.01
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
- risk 0.59cvss 9.1epss 0.01
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
- risk 0.53cvss 8.2epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
- risk 0.49cvss 7.5epss 0.00
Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
- risk 0.34cvss 5.3epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- risk 0.34cvss 5.3epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- risk 0.34cvss 5.3epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- risk 0.28cvss 4.3epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- risk 0.28cvss 4.3epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- risk 0.27cvss 4.2epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.
- risk 0.26cvss 4.0epss 0.00
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.
- risk 0.26cvss 4.0epss 0.00
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.