CVE-2021-26529
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
CRITICAL · CVSS 9.1
EPSS 0.00334
Act now
- Public exploit or PoC is available
- CVSS base score ≥ 7.0
Sigma rules0
YARA rules0