Remote OOB Write Vulnerability in Cesanta Mongoose HTTPS Server 7.0

CVE-2021-26530 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to a remote out-of-bounds (OOB) write, triggered by a connection request after the memory pool has been exhausted.
