 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.104894 |
| Category: | Web Servers |
| Title: | Cesanta Mongoose Web Server 7.10 Heap-based Buffer Overflow Vulnerability |
| Summary: | Cesanta Mongoose Web Server is prone to a heap-based buffer; overflow vulnerability. |
| Description: | Summary: Cesanta Mongoose Web Server is prone to a heap-based buffer overflow vulnerability. Vulnerability Insight: Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Affected Software/OS: Mongoose Web Server version 7.10 only. Solution: Update to version 7.11 or later. CVSS Score: 8.3 CVSS Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-2905 https://github.com/cesanta/mongoose/pull/2274 https://github.com/cesanta/mongoose/releases/tag/7.11 https://takeonme.org/cves/CVE-2023-2905.html |
| Copyright | Copyright (C) 2023 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |