Cesanta Mongoose Web Server vulnerabilities
11 known vulnerabilities affecting cesanta/mongoose_web_server.
Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 5, MEDIUM 5
Vulnerabilities
CVE-2024-42383 | P3 | CRITICAL | CVSS 9.8 | CWE-823 | ≤ 7.14 | 2024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows writing a NULL byte value beyond the memory space dedicated to the hostname field.
nvd
CVE-2024-42386 | P3 | HIGH | CVSS 7.5 | CWE-823 | ≤ 7.14 | 2024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
nvd
CVE-2018-25193 | P3 | HIGH | CVSS 7.5 | CWE-1188 | v6.9 | 2026-03-06
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.
nvd
CVE-2024-42384 | P3 | HIGH | CVSS 7.5 | CWE-190 | ≤ 7.14 | 2024-11-18
Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
nvd
CVE-2024-42392 | P3 | HIGH | CVSS 7.5 | CWE-140 | ≤ 7.14 | 2024-11-18
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows triggering an infinite loop bug if the input string contains unexpected characters.
nvd
CVE-2024-42385 | P4 | HIGH | CVSS 7.0 | CWE-140 | ≤ 7.14 | 2024-11-18
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows triggering an out-of-bounds memory write if the PEM certificate contains unexpected characters.
nvd
CVE-2024-42389 | P4 | MEDIUM | CVSS 5.3 | CWE-823 | ≤ 7.14 | 2024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
nvd
CVE-2024-42388 | P4 | MEDIUM | CVSS 5.3 | CWE-823 | ≤ 7.14 | 2024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
nvd
CVE-2024-42387 | P4 | MEDIUM | CVSS 5.3 | CWE-823 | ≤ 7.14 | 2024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
nvd
CVE-2024-42391 | P4 | MEDIUM | CVSS 5.3 | CWE-823 | ≤ 7.14 | 2024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
nvd
CVE-2024-42390 | P4 | MEDIUM | CVSS 5.3 | CWE-823 | ≤ 7.14 | 2024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
nvd