Cesanta Mongoose
17 CVEs affecting Cesanta Mongoose. Latest disclosed: 2026-04-25. Critical: 5, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-2922 | Critical | 9.8 | 2017-11-07 | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet ca… |
| CVE-2017-2921 | Critical | 9.8 | 2017-11-07 | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet ca… |
| CVE-2017-2894 | Critical | 9.8 | 2017-11-07 | An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE… |
| CVE-2017-2892 | Critical | 9.8 | 2017-11-07 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can… |
| CVE-2017-2891 | Critical | 9.8 | 2017-11-07 | An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target c… |
| CVE-2017-2895 | High | 8.2 | 2017-11-07 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE… |
| CVE-2017-2909 | High | 7.5 | 2017-11-07 | An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinit… |
| CVE-2017-2893 | High | 7.5 | 2017-11-07 | An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cau… |
| CVE-2026-5244 | High | 7.3 | 2026-04-02 | A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handl… |
| CVE-2026-5246 | Medium | 5.6 | 2026-04-02 | A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-… |
| CVE-2026-5245 | Medium | 5.6 | 2026-04-02 | A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Hand… |
| CVE-2026-6985 | Medium | 5.3 | 2026-04-25 | A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the compone… |
| CVE-2026-6986 | Low | 3.7 | 2026-04-25 | A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of… |
| CVE-2026-2968 | Low | 3.7 | 2026-02-23 | A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the comp… |
| CVE-2026-2967 | Low | 3.7 | 2026-02-23 | A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TC… |
| CVE-2026-2966 | Low | 3.7 | 2026-02-23 | A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Tr… |
| CVE-2023-2905 | | | 2023-08-09 | Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web serv… |