CyberSec.Space Logo
Back to CVE Browser

CVE-2019-12951

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile44.68th
PublishedJun 24, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.

Affected Platforms (CPE)

πŸ“¦
Cesanta

Mongoose

< 6.15

References & Advisories

πŸ”— https://github.com/cesanta/mongoose/commit/b3e0f780c34cea88f057a62213c012aa88fe2deb
πŸ”— https://github.com/cesanta/mongoose/releases/tag/6.15
πŸ”— https://github.com/cesanta/mongoose/commit/b3e0f780c34cea88f057a62213c012aa88fe2deb
πŸ”— https://github.com/cesanta/mongoose/releases/tag/6.15

Related Vulnerabilities

CVE-2018-203539.8

An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mo...

CVE-2018-203549.8

An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongo...

CVE-2018-203559.8

An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c i...

CVE-2018-203569.8

An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in...