QwikSec

Security Database

CVE

CWE

Training

CVE-2023-2905

Published: Aug 9, 2023

Modified: Oct 10, 2024

PUBLISHED

Description

Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.

Vendor	Product	Versions
Cesanta	Mongoose	affected `7.10` unaffected `7.11`

Weaknesses (CWE)

References

https://takeonme.org/cves/CVE-2023-2905.html

third-party-advisory

technical-description

exploit

https://github.com/cesanta/mongoose/pull/2274

patch

https://github.com/cesanta/mongoose/releases/tag/7.11

release-notes

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.