CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-20356
https://notcve.org/view.php?id=CVE-2018-20356
10 Jun 2019 — An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Una lectura no válida de 8 bytes debido a una vulnerabilidad de uso después de la llamada a la función mg_http_free_proto_data_cgi en mongoose.c en Cesanta Mongoose Embedded Web Server Library 6.13 y anteriores permite una denegación de servicio ... • https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read_mg_http_free_proto_data_cgi.png • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-20355
https://notcve.org/view.php?id=CVE-2018-20355
10 Jun 2019 — An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Una escritura invalida de 8 bytes debido a una vulnerabilidad use-after-free de la llamada en la función en el mg_http_free_proto_data_cgi in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 y anteriores permiten un servicio de de... • https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-mg_http_free_proto_data_cgi.png • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-20354
https://notcve.org/view.php?id=CVE-2018-20354
10 Jun 2019 — An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Una lectura no válida de 8 bytes debido una vulnerabilidad de use-after-free durante una devolución en la función mg_http_get_proto_data en mongoose.c en Cesanta Mongoose Embedded Web Server Library 6.13 y anteriores permite una denegació... • https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read-mg_http_get_proto_data.png • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-20353
https://notcve.org/view.php?id=CVE-2018-20353
10 Jun 2019 — An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Una lectura no válida de 8 bytes debido a una vulnerabilidad de uso después de una liberación durante una prueba NULL en la función mg_http_get_proto_data en mongoose.c en Embedded Web Server Library 6.13 y anteriores permite una deneg... • https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read-mg_http_get_proto_data5932.png • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19587
https://notcve.org/view.php?id=CVE-2018-19587
27 Nov 2018 — In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function. En Cesanta Mongoose 6.13, existe un SIGSEGV en la función mg_mqtt_add_session() de mongoose.c. • https://github.com/insi2304/mongoose-fuzz • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-18764
https://notcve.org/view.php?id=CVE-2018-18764
28 Oct 2018 — An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de lectura de mem... • https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20getu16%20heap%20buffer%20overflow1.md • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18765
https://notcve.org/view.php?id=CVE-2018-18765
28 Oct 2018 — An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de lectura de... • https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20mg_mqtt_next_subscribe_topic%20heap%20buffer%20overflow.md • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10945
https://notcve.org/view.php?id=CVE-2018-10945
19 Jun 2018 — The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. La función mg_handle_cgi en mongoose.c en Mongoose 6.11 permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap o desreferencia de puntero NULL) mediante una petición HTTP relacionada con la fun... • http://blog.hac425.top/2018/05/16/CVE-2018-10945-mongoose.html • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2017-2891
https://notcve.org/view.php?id=CVE-2017-2891
07 Nov 2017 — An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de uso de memoria previamente liberada en la implementación del servidor HTTP de Cesanta Mongoose 6.8. Una petición POST HTTP norma... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0398 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-2892
https://notcve.org/view.php?id=CVE-2017-2892
07 Nov 2017 — An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de lectura de memoria en la funcionalidad de análisis sintác... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0399 • CWE-190: Integer Overflow or Wraparound •