CVE-2019-19307

An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet.
References
Link Resource
https://github.com/cesanta/mongoose/issues/1055 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cesanta:mongoose:6.16:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-26 16:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-19307

Mitre link : CVE-2019-19307

CVE.ORG link : CVE-2019-19307


JSON object : View

Products Affected

cesanta

  • mongoose
CWE
CWE-125

Out-of-bounds Read

CWE-190

Integer Overflow or Wraparound

CWE-787

Out-of-bounds Write

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')