Описание
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | windows only |
| devel | not-affected | windows only |
| esm-apps/xenial | not-affected | windows only |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [windows only]] |
| precise/esm | DNE | |
| trusty | not-affected | windows only |
| trusty/esm | DNE | trusty was not-affected [windows only] |
| upstream | needs-triage | |
| xenial | not-affected | windows only |
| zesty | not-affected | windows only |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability.
An exploitable use-after-free vulnerability exists in the HTTP server ...
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability.
7.5 High
CVSS2
9.8 Critical
CVSS3