The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
History
06 Sep 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests. |
17 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
10 Jul 2023, 16:03
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f - Patch | |
References | (MISC) https://github.com/cesanta/mongoose/compare/7.9...7.10 - Release Notes | |
References | (MISC) https://github.com/cesanta/mongoose/pull/2197 - Patch | |
CPE | cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:* | |
First Time | Cesanta; Cesanta mongoose | |
CWE | NVD-CWE-Other | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.5 |
23 Jun 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-23 20:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-34188
Mitre link : CVE-2023-34188
CVE.ORG link : CVE-2023-34188
Products Affected
cesanta
- mongoose