Use-after-free vulnerability in Cesanta Mongoose 6.8 HTTP Server Implementation

Use-after-free vulnerability in Cesanta Mongoose 6.8 HTTP Server Implementation

CVE-2017-2891 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability.

Learn more about our Cis Benchmark Audit For Server Software.