Monkey
Products
2- 12 CVEs
- 1 CVE
Recent CVEs
13| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-63650 | 0.00 | — | 0.01 | Jan 29, 2026 | An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||
| CVE-2025-63658 | 0.00 | — | 0.00 | Jan 29, 2026 | A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||
| CVE-2025-63657 | 0.00 | — | 0.01 | Jan 29, 2026 | An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||
| CVE-2025-63651 | 0.00 | — | 0.01 | Jan 29, 2026 | A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||
| CVE-2025-63649 | 0.00 | — | 0.00 | Jan 29, 2026 | An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server. | ||
| CVE-2025-63655 | 0.00 | — | 0.01 | Jan 29, 2026 | A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||
| CVE-2025-63653 | 0.00 | — | 0.01 | Jan 29, 2026 | An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||
| CVE-2025-63652 | 0.00 | — | 0.01 | Jan 29, 2026 | A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||
| CVE-2025-63656 | 0.00 | — | 0.01 | Jan 29, 2026 | An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||
| CVE-2013-2183 | 0.00 | — | 0.00 | Dec 10, 2019 | Monkey HTTP Daemon has local security bypass | ||
| CVE-2013-2159 | 0.00 | — | 0.00 | Dec 10, 2019 | Monkey HTTP Daemon: broken user name authentication | ||
| CVE-2013-1771 | 0.00 | — | 0.00 | Nov 7, 2019 | The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo. | ||
| CVE-2009-0415 | 0.00 | — | 0.00 | Feb 3, 2009 | Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path. |
- CVE-2025-63650Jan 29, 2026risk 0.00cvss —epss 0.01
An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
- CVE-2025-63658Jan 29, 2026risk 0.00cvss —epss 0.00
A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
- CVE-2025-63657Jan 29, 2026risk 0.00cvss —epss 0.01
An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
- CVE-2025-63651Jan 29, 2026risk 0.00cvss —epss 0.01
A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
- CVE-2025-63649Jan 29, 2026risk 0.00cvss —epss 0.00
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.
- CVE-2025-63655Jan 29, 2026risk 0.00cvss —epss 0.01
A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
- CVE-2025-63653Jan 29, 2026risk 0.00cvss —epss 0.01
An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
- CVE-2025-63652Jan 29, 2026risk 0.00cvss —epss 0.01
A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
- CVE-2025-63656Jan 29, 2026risk 0.00cvss —epss 0.01
An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
- CVE-2013-2183Dec 10, 2019risk 0.00cvss —epss 0.00
Monkey HTTP Daemon has local security bypass
- CVE-2013-2159Dec 10, 2019risk 0.00cvss —epss 0.00
Monkey HTTP Daemon: broken user name authentication
- CVE-2013-1771Nov 7, 2019risk 0.00cvss —epss 0.00
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.
- CVE-2009-0415Feb 3, 2009risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path.