CVE-2018-19587
Published 2018-11-27
CVE-2018-19587: In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
Priority: P4 · 24 · medium
CVSS 3.0: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
EPSS: 0.94% (56.6th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cesanta | mongoose | — | — |
CVSS provenance
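| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| vendor_redhat | — | 6.5 | MEDIUM | — |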
GHSA
GHSA-q23h-r653-rm5r: In Cesanta Mongoose 6
ghsa_unreviewed·2022-05-14
CVE-2018-19587 [MEDIUM] CWE-119 GHSA-q23h-r653-rm5r: In Cesanta Mongoose 6
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
Red Hat
mongoose: SIGSEGV in mg_mqtt_add_session() in mongoose.c
vendor_redhat·2018-11-26·CVSS 6.5
CVE-2018-19587 [MEDIUM] CWE-20 mongoose: SIGSEGV in mg_mqtt_add_session() in mongoose.c
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
Package: nodejs-mongoose (Red Hat Mobile Application Platform 4) - Out of support scope
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-19587 mongoose: SIGSEGV in mg_mqtt_add_session() in mongoose.c [epel-6]
bugzilla·2018-12-04·CVSS 6.5
CVE-2018-19587 [MEDIUM] CVE-2018-19587 mongoose: SIGSEGV in mg_mqtt_add_session() in mongoose.c [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template to for the 'f
Bugzilla
CVE-2018-19587 mongoose: SIGSEGV in mg_mqtt_add_session() in mongoose.c
bugzilla·2018-12-04·CVSS 6.5
CVE-2018-19587 [MEDIUM] CVE-2018-19587 mongoose: SIGSEGV in mg_mqtt_add_session() in mongoose.c
An issue was found in Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
References:
https://github.com/insi2304/mongoose-fuzz
Discussion:
Created mongoose tracking bugs for this issue:
Affects: epel-6 [bug 1656207]
Affects: fedora-all [bug 1656209]
---
This vulnerability is out of security support scope for the following product:
* Red Hat Mobile Application Platform
Please refer to https://access.redhat.com/support/policy/updates/rhmap for more details
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2018-19587
Bugzilla
CVE-2018-19587 mongoose: SIGSEGV in mg_mqtt_add_session() in mongoose.c [fedora-all]
bugzilla·2018-12-04·CVSS 6.5
CVE-2018-19587 [MEDIUM] CVE-2018-19587 mongoose: SIGSEGV in mg_mqtt_add_session() in mongoose.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported v