admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-2905.md

18 lines
891 B
Markdown
Raw Permalink Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-2905](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2905)
![](https://img.shields.io/static/v1?label=Product&message=Mongoose&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brighgreen)
### Description
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.
### POC
#### Reference
- https://takeonme.org/cves/CVE-2023-2905.html
#### Github
Update CVE sources 2024-08-05 18:41
2024-08-05 18:41:32 +00:00
- https://github.com/DiRaltvein/memory-corruption-examples
Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
Reference in New Issue Copy Permalink