exploitDog

CVE-2018-20354

Опубликовано: 10 июн. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

Ссылки

https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read-mg_http_get_proto_data.png
Exploit
Third Party Advisory
https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read-mg_http_get_proto_data.png
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*

Версия до 6.13 (включая)

EPSS

Процентиль: 85%

0.02678

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-x5cj-69cr-cfj3

CVSS3: 9.8

github

больше 3 лет назад

An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

EPSS

Процентиль: 85%

0.02678

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416