Main Vulnerability Database Vulnerabilities #VU111830

#VU111830 Out-of-bounds write in Mongoose - CVE-2021-26528

Published: November 21, 2024 / Updated: June 23, 2025

Vulnerability identifier: #VU111830

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-26528

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mongoose

Software vendor:
Cesanta Software Ltd.

Description

The vulnerability allows a remote non-authenticated attacker to damange or delete data.

The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

Remediation

Install update from vendor's website.

External links

https://github.com/cesanta/mongoose/issues/1201

#VU111830 Out-of-bounds write in Mongoose - CVE-2021-26528

Description

Remediation

External links

Please verify you're human