exploitDog

CVE-2018-20356

Опубликовано: 10 июн. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

Ссылки

https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read_mg_http_free_proto_data_cgi.png
Exploit
Third Party Advisory
https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read_mg_http_free_proto_data_cgi.png
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*

Версия до 6.13 (включая)

EPSS

Процентиль: 85%

0.02678

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-2hwq-hrjc-wwr4

CVSS3: 9.8

github

больше 3 лет назад

An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

EPSS

Процентиль: 85%

0.02678

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416