Mongoose

7.10

MAJOR_MINOR 1 CVE

6.8

MAJOR_MINOR 8 CVEs

7.11

MAJOR_MINOR 1 CVE

7.1.4

SEMANTIC 5 CVEs

0

SINGLE_NUMBER 5 CVEs

b316989

OTHER 1 CVE

CVE-2024-35492

Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet.

UNKNOWN

CVE-2024-42389

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

MEDIUM Nov 18, 2024

CVE-2024-42388

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

MEDIUM Nov 18, 2024

CVE-2024-42387

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

MEDIUM Nov 18, 2024

CVE-2024-42386

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

HIGH Nov 18, 2024

CVE-2024-42384

Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

HIGH Nov 18, 2024