CRITICAL🇬🇧 English

CVE-2021-26530

CVSS 9.1v3.1pub. 2021-02-08upd. 2024-11-21

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Cesanta Mongoose

    APP
    Cesanta
    7.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-25299CRITICAL9.8ten sam produkt

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg...

CVE-2021-26528CRITICAL9.1ten sam produkt

The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack v...

CVE-2021-26529CRITICAL9.1ten sam produkt

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is ...

CVE-2020-25756CRITICAL9.8ten sam produkt

A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a la...

CVE-2019-19307CRITICAL9.8ten sam produkt

An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote ...