CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-20356

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0760%
EPSS Percentile37.72th
Published2019年6月10日
Last Modified2024年11月21日

Vulnerability Description

An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

Affected Platforms (CPE)

📦
Cesanta

Mongoose

<= 6.13

References & Advisories

🔗 https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read_mg_http_free_proto_data_cgi.png
🔗 https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read_mg_http_free_proto_data_cgi.png

相关漏洞威胁

CVE-2018-203539.8

An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mo...

CVE-2018-203549.8

An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongo...

CVE-2018-203559.8

An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c i...

CVE-2019-129519.8

An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.