Cesanta: >> Mongoose >> 7.10 Security Vulnerabilities
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.
CVSS Score
4.2
EPSS Score
0.002
Published
2024-11-18
Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-11-18
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-09
Page 2