Remote OOB Write Vulnerability in Cesanta Mongoose HTTP Server 7.0

Remote OOB Write Vulnerability in Cesanta Mongoose HTTP Server 7.0

CVE-2021-26528 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

Learn more about our Cis Benchmark Audit For Server Software.