QwikSec

Security Database

CVE

CWE

Training

CVE-2017-7185

Published: Apr 10, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2017-7185_mongoose_os_use_after_free.txt

x_refsource_MISC

vdb-entry

x_refsource_BID

20170404 CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service

mailing-list

x_refsource_BUGTRAQ

https://github.com/cesanta/mongoose-os/commit/042eb437973a202d00589b13d628181c6de5cf5b

x_refsource_CONFIRM

https://github.com/cesanta/mongoose/commit/b8402ed0733e3f244588b61ad5fedd093e3cf9cc

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.