📦 Mongoose

by Cesanta

⚠️ Known Vulnerabilities

CVE-2022-25299

CRITICAL CVSS 9.8 Feb 18, 2022

CVE-2022-25299 is a path traversal vulnerability in the cesanta/mongoose library's mg_http_upload() function that allows attackers to write files outside the intended upload directory by manipulating ...

CVE-2021-26528

CRITICAL CVSS 9.1 Feb 8, 2021

CVE-2021-26528 is a critical out-of-bounds write vulnerability in Cesanta Mongoose HTTP server version 7.0. Attackers can remotely exploit this by sending connection requests that exhaust the memory p...

CVE-2021-26530

CRITICAL CVSS 9.1 Feb 8, 2021

CVE-2021-26530 is a critical out-of-bounds write vulnerability in Cesanta Mongoose HTTPS server when compiled with OpenSSL support. Attackers can remotely execute arbitrary code or crash the server by...

CVE-2025-51495

HIGH CVSS 7.5 Sep 29, 2025

An integer overflow vulnerability in Mongoose's WebSocket component (versions 7.5 through 7.17) allows attackers to crash applications via specially crafted WebSocket requests. If downstream vendors i...

CVE-2024-42386

HIGH CVSS 8.2 Nov 18, 2024

This vulnerability in Cesanta Mongoose Web Server allows attackers to cause a segmentation fault by sending specially crafted TLS packets. It affects all systems running vulnerable versions of Mongoos...

CVE-2024-42384

HIGH CVSS 7.5 Nov 18, 2024

An integer overflow vulnerability in Cesanta Mongoose Web Server v7.14 allows attackers to crash the server by sending specially crafted TLS packets. This affects all deployments using the vulnerable ...

CVE-2025-65502

MEDIUM CVSS 4.3 Nov 24, 2025

A null pointer dereference vulnerability in Cesanta Mongoose's add_ca_certs() function allows remote attackers to cause denial of service by triggering TLS initialization when SSL_CTX_get_cert_store()...

CVE-2024-42390

MEDIUM CVSS 4.3 Nov 18, 2024

This vulnerability in Cesanta Mongoose Web Server v7.14 allows attackers to send specially crafted TLS packets that cause the server to read memory outside intended heap boundaries. This could potenti...

CVE-2024-42392

MEDIUM CVSS 4.0 Nov 18, 2024

This vulnerability in Cesanta Mongoose Web Server v7.14 allows attackers to trigger an infinite loop by sending input with unexpected characters. This can cause denial of service by consuming server r...

CVE-2024-42388

MEDIUM CVSS 5.3 Nov 18, 2024

This vulnerability in Cesanta Mongoose Web Server allows attackers to send specially crafted TLS packets that cause the server to read memory outside intended heap boundaries. This affects all systems...

CVE-2024-42383

MEDIUM CVSS 4.2 Nov 18, 2024

This vulnerability in Cesanta Mongoose Web Server v7.14 allows attackers to write a NULL byte beyond the allocated memory for hostname fields. This could potentially lead to memory corruption and appl...

CVE-2026-2968

LOW CVSS 3.7 Feb 23, 2026

This vulnerability in Cesanta Mongoose allows attackers to bypass cryptographic signature verification in the ChaCha20-Poly1305 decryption function. Attackers could potentially decrypt or tamper with ...