Cesanta Mongoose Web Server
11 CVEs affecting Cesanta Mongoose Web Server. Latest disclosed: 2026-03-06. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-42386 | High | 8.2 | 2024-11-18 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segment… |
CVE-2018-25193 | High | 7.5 | 2026-03-06 | Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connection… |
CVE-2024-42384 | High | 7.5 | 2024-11-18 | Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentatio… |
CVE-2024-42389 | Medium | 5.3 | 2024-11-18 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the applica… |
CVE-2024-42388 | Medium | 5.3 | 2024-11-18 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the applica… |
CVE-2024-42387 | Medium | 5.3 | 2024-11-18 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the applica… |
CVE-2024-42391 | Medium | 4.3 | 2024-11-18 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the applica… |
CVE-2024-42390 | Medium | 4.3 | 2024-11-18 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the applica… |
CVE-2024-42383 | Medium | 4.2 | 2024-11-18 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for t… |
CVE-2024-42392 | Medium | 4.0 | 2024-11-18 | Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains un… |
CVE-2024-42385 | Medium | 4.0 | 2024-11-18 | Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate… |