The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
History
06 Sep 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests. |
17 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
10 Jul 2023, 16:03
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.5 |
First Time | Cesanta; Cesanta mongoose | |
CPE | cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f - Patch | |
References | (MISC) https://github.com/cesanta/mongoose/pull/2197 - Patch | |
References | (MISC) https://github.com/cesanta/mongoose/compare/7.9...7.10 - Release Notes |
23 Jun 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-23 20:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-34188
Mitre link : CVE-2023-34188
CVE.ORG link : CVE-2023-34188
Products Affected
cesanta
- mongoose