CVE-2018-18764
https://notcve.org/view.php?id=CVE-2018-18764
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
• https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20getu16%20heap%20buffer%20overflow1.md
• https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20getu16%20heap%20buffer%20overflow2.md
• CWE-125: Out-of-bounds Read
CVE-2018-10945
https://notcve.org/view.php?id=CVE-2018-10945
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.
• http://blog.hac425.top/2018/05/16/CVE-2018-10945-mongoose.html
• CWE-125: Out-of-bounds Read
• CWE-476: NULL Pointer Dereference
CVE-2017-2892
https://notcve.org/view.php?id=CVE-2017-2892
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0399
• CWE-190: Integer Overflow or Wraparound
CVE-2017-2895
https://notcve.org/view.php?id=CVE-2017-2895
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0402
• CWE-125: Out-of-bounds Read
CVE-2017-2921
https://notcve.org/view.php?id=CVE-2017-2921
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0428
• CWE-190: Integer Overflow or Wraparound