Shodan
Vulnerabilities
Vulnerable Software
Cesanta:  >> Mongoose  >> 3.4  Security Vulnerabilities
CVE-2025-65502
Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-11-24
CVE-2024-42389
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-11-18
CVE-2024-42390
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-11-18
CVE-2024-42391
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-11-18
CVE-2024-42392
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.
CVSS Score
4.0
EPSS Score
0.001
Published
2024-11-18
CVE-2024-42385
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.
CVSS Score
4.0
EPSS Score
0.0
Published
2024-11-18
CVE-2024-42386
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
CVSS Score
8.2
EPSS Score
0.002
Published
2024-11-18
CVE-2024-42387
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-11-18
CVE-2024-42388
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-11-18
CVE-2024-42383
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.
CVSS Score
4.2
EPSS Score
0.002
Published
2024-11-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved