Vulnerabilities in Cesanta
30 results

CVE-2017-2894 | CRITICAL | EPSS 31.0%
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially craf

CVE-2017-2893 | HIGH | EPSS 26.6%
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSC

CVE-2017-2891 | CRITICAL | EPSS 2.8%
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request

CVE-2017-2922 | CRITICAL | EPSS 2.6%
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted

CVE-2017-2921 | HIGH | EPSS 2.4%
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted

CVE-2017-2892 | CRITICAL | EPSS 2.4%
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially craf

CVE-2017-2909 | HIGH | EPSS 1.4%
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request c

CVE-2017-2895 | HIGH | EPSS 1.3%
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially craf

CVE-2023-2905 | — | EPSS 1.0%
Cesanta Mongoose MQTT Message Parsing Heap Overflow

CVE-2026-5244 | MEDIUM | EPSS 0.7%
Cesanta Mongoose TLS 1.3 mongoose.c mg_tls_recv_cert heap-based overflow

CVE-2026-5245 | MEDIUM | EPSS 0.7%
Cesanta Mongoose mDNS Record mongoose.c handle_mdns_record stack-based overflow

CVE-2026-5246 | MEDIUM | EPSS 0.6%
Cesanta Mongoose P-384 Public Key mongoose.c mg_tls_verify_cert_signature authorization

CVE-2026-6985 | MEDIUM | EPSS 0.6%
Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop

CVE-2026-2967 | MEDIUM | EPSS 0.5%
Cesanta Mongoose TCP Sequence Number net_builtin.c getpeer verification of source

CVE-2024-42384 | HIGH | EPSS 0.4%
Integer Overflow or Wraparound in Mongoose Web Server library

CVE-2026-2966 | MEDIUM | EPSS 0.4%
Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values

CVE-2024-42386 | HIGH | EPSS 0.3%
Use of Out-of-range Pointer Offset in Mongoose Web Server library

CVE-2018-25193 | HIGH | EPSS 0.3%
Mongoose Web Server 6.9 Denial of Service via Socket Connection

CVE-2025-0695 | MEDIUM | EPSS 0.3%
An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce

CVE-2025-0696 | MEDIUM | EPSS 0.3%
A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embe