Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cesanta Mongoose 安全漏洞
Vulnerability Description
Cesanta Mongoose是爱尔兰Cesanta公司的一套嵌入式服务器库,它包括TCP、HTTP客户端和服务器、WenSocket客户端和服务器等功能。Websocket protocol是其中的一个Websocket通信协议。 Cesanta Mongoose 6.8版本中的Websocket protocol实现存在释放后重用漏洞。远程攻击者可通过发送特制的websocket数据包利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A