Описание
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | windows only |
| devel | not-affected | windows only |
| esm-apps/xenial | not-affected | windows only |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [windows only]] |
| precise/esm | DNE | |
| trusty | not-affected | windows only |
| trusty/esm | DNE | trusty was not-affected [windows only] |
| upstream | needs-triage | |
| xenial | not-affected | windows only |
| zesty | not-affected | windows only |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.
An exploitable memory corruption vulnerability exists in the Websocket ...
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3