insi2304/mongoose-6.13-fuzz

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-20352 ↗	Jun 10, 2019Monday, 10 June 2019, 17:29	—	6.8 MEDIUM
Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
CVE-2018-20353 ↗	Jun 10, 2019Monday, 10 June 2019, 17:29	—	7.5 HIGH
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
CVE-2018-20354 ↗	Jun 10, 2019Monday, 10 June 2019, 17:29	—	7.5 HIGH
An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
CVE-2018-20355 ↗	Jun 10, 2019Monday, 10 June 2019, 17:29	—	7.5 HIGH
An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
CVE-2018-20356 ↗	Jun 10, 2019Monday, 10 June 2019, 17:29	—	7.5 HIGH
An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
CVE-2018-19587 ↗	Nov 27, 2018Tuesday, 27 November 2018, 07:29	—	4.3 MEDIUM
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.