Use-after-free vulnerability in mg_http_multipart_wait_for_boundary function in Cesanta Mongoose Embedded Web Server Library allows denial of service

Use-after-free vulnerability in mg_http_multipart_wait_for_boundary function in Cesanta Mongoose Embedded Web Server Library allows denial of service

CVE-2017-7185 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.

Learn more about our Web App Pen Testing.