CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13503
https://notcve.org/view.php?id=CVE-2019-13503
11 Jul 2019 — mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. La función mq_parse_http en el archivo mongoose.c en Mongoose versión 6.15, presenta una lectura en exceso del búfer en la región heap de la memoria. • https://fuzzit.dev/2019/07/11/discovering-cve-2019-13504-cve-2019-13503-and-the-importance-of-api-fuzzing • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12951
https://notcve.org/view.php?id=CVE-2019-12951
24 Jun 2019 — An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow. Se detectó un problema en Mongoose anterior a versión 6.15. La función parse_mqtt() en el archivo mg_mqtt.c, presenta un desbordamiento de búfer en la región heap de la memoria crítico. • https://github.com/cesanta/mongoose/commit/b3e0f780c34cea88f057a62213c012aa88fe2deb • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-20356
https://notcve.org/view.php?id=CVE-2018-20356
10 Jun 2019 — An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Una lectura no válida de 8 bytes debido a una vulnerabilidad de uso después de la llamada a la función mg_http_free_proto_data_cgi en mongoose.c en Cesanta Mongoose Embedded Web Server Library 6.13 y anteriores permite una denegación de servicio ... • https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read_mg_http_free_proto_data_cgi.png • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-20355
https://notcve.org/view.php?id=CVE-2018-20355
10 Jun 2019 — An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Una escritura invalida de 8 bytes debido a una vulnerabilidad use-after-free de la llamada en la función en el mg_http_free_proto_data_cgi in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 y anteriores permiten un servicio de de... • https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-mg_http_free_proto_data_cgi.png • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-20354
https://notcve.org/view.php?id=CVE-2018-20354
10 Jun 2019 — An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Una lectura no válida de 8 bytes debido una vulnerabilidad de use-after-free durante una devolución en la función mg_http_get_proto_data en mongoose.c en Cesanta Mongoose Embedded Web Server Library 6.13 y anteriores permite una denegació... • https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read-mg_http_get_proto_data.png • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-20353
https://notcve.org/view.php?id=CVE-2018-20353
10 Jun 2019 — An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Una lectura no válida de 8 bytes debido a una vulnerabilidad de uso después de una liberación durante una prueba NULL en la función mg_http_get_proto_data en mongoose.c en Embedded Web Server Library 6.13 y anteriores permite una deneg... • https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read-mg_http_get_proto_data5932.png • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2018-20352
https://notcve.org/view.php?id=CVE-2018-20352
10 Jun 2019 — Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Una vulnerabilidad de uso después de una liberación en la función mg_cgi_ev_handler en mongoose.c en Cesanta Mongoose Embedded Web Server Library 6.13 y anteriores permiten un servicio de denegación (cierre inesperado de la aplicación) o ejecución remota de código • https://github.com/insi2304/mongoose-6.13-fuzz • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19587
https://notcve.org/view.php?id=CVE-2018-19587
27 Nov 2018 — In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function. En Cesanta Mongoose 6.13, existe un SIGSEGV en la función mg_mqtt_add_session() de mongoose.c. • https://github.com/insi2304/mongoose-fuzz • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-18764
https://notcve.org/view.php?id=CVE-2018-18764
28 Oct 2018 — An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de lectura de mem... • https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20getu16%20heap%20buffer%20overflow1.md • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18765
https://notcve.org/view.php?id=CVE-2018-18765
28 Oct 2018 — An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de lectura de... • https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20mg_mqtt_next_subscribe_topic%20heap%20buffer%20overflow.md • CWE-125: Out-of-bounds Read •