Vulnerability Details CVE-2018-20356
An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-20356
-
cpe:2.3:a:cesanta:mongoose:-
-
cpe:2.3:a:cesanta:mongoose:3.2
-
cpe:2.3:a:cesanta:mongoose:3.3
-
cpe:2.3:a:cesanta:mongoose:3.4
-
cpe:2.3:a:cesanta:mongoose:3.5
-
cpe:2.3:a:cesanta:mongoose:3.6
-
cpe:2.3:a:cesanta:mongoose:3.7
-
cpe:2.3:a:cesanta:mongoose:3.8
-
cpe:2.3:a:cesanta:mongoose:4.0
-
cpe:2.3:a:cesanta:mongoose:4.1
-
cpe:2.3:a:cesanta:mongoose:5.0
-
cpe:2.3:a:cesanta:mongoose:5.1
-
cpe:2.3:a:cesanta:mongoose:5.2
-
cpe:2.3:a:cesanta:mongoose:5.3
-
cpe:2.3:a:cesanta:mongoose:5.4
-
cpe:2.3:a:cesanta:mongoose:5.5
-
cpe:2.3:a:cesanta:mongoose:5.6
-
cpe:2.3:a:cesanta:mongoose:6.0
-
cpe:2.3:a:cesanta:mongoose:6.1
-
cpe:2.3:a:cesanta:mongoose:6.10
-
cpe:2.3:a:cesanta:mongoose:6.11
-
cpe:2.3:a:cesanta:mongoose:6.12
-
cpe:2.3:a:cesanta:mongoose:6.13
-
cpe:2.3:a:cesanta:mongoose:6.2
-
cpe:2.3:a:cesanta:mongoose:6.3
-
cpe:2.3:a:cesanta:mongoose:6.4
-
cpe:2.3:a:cesanta:mongoose:6.5
-
cpe:2.3:a:cesanta:mongoose:6.6
-
cpe:2.3:a:cesanta:mongoose:6.7
-
cpe:2.3:a:cesanta:mongoose:6.8
-
cpe:2.3:a:cesanta:mongoose:6.9