Description
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.
References
- Third Party Advisory, VDB Entry
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Technical Description, Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:cesanta:mongoose_embedded_web_server_library:*:*:*:*:*:*:*:* (versions up to and including 6.7)
cpe:2.3:o:cesanta:mongoose_os:*:*:*:*:*:*:*:* (versions up to and including 1.2)
EPSS
Percentile: 97%
0.3325
Medium
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-416
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.