Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cesanta Mongoose 缓冲区错误漏洞
Vulnerability Description
Cesanta Mongoose是爱尔兰Cesanta公司的一套嵌入式服务器库,它包括TCP、HTTP客户端和服务器、WenSocket客户端和服务器等功能。 Cesanta MongooseOS mJS 1.26 存在缓冲区错误漏洞,该漏洞源于恶意形成的JSON字符串可以触发mjs JSON解析中基于堆的缓冲区溢出,这可能会导致控制流的重定向。
CVSS Information
N/A
Vulnerability Type
N/A