CVE-2023-34188

Published: Jun 23, 2023

Modified: Feb 28, 2025

PUBLISHED

Description

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f

https://github.com/cesanta/mongoose/pull/2197

https://github.com/cesanta/mongoose/compare/7.9...7.10

https://blog.narfindustries.com/blog/narf-discovers-critical-vulnerabilities-in-cesanta-mongoose-http-server

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-34188

Description

Affected Products

References