CVE-2021-26528

Published February 8th, 2021

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

6.4

MEDIUM

Affected

PROJECT

Description

The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

cesanta/mongoose

Embedded web server, with TCP/IP network stack, MQTT and Websocket

GitHub

12.8K