CVE-2021-26528

CRITICAL

9.1

CVSS Severity Score

EPSS Score0.0840%

EPSS Percentile12.55th

Published2021年2月8日

Last Modified2024年11月21日

Vulnerability Description

The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

Affected Platforms (CPE)

📦

Cesanta

Mongoose

= 7.0

References & Advisories

🔗 https://github.com/cesanta/mongoose/issues/1201

関連する脆弱性情報

CVE-2018-203539.8

An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mo...

CVE-2018-203549.8

An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongo...

CVE-2018-203559.8

An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c i...

CVE-2018-203569.8

An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in...