Vulnerability Database

296,416

Total vulnerabilities in the database

CVE-2023-2905

Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.

Published: Aug 9, 2023
Updated: Aug 17, 2023
CVE: CVE-2023-2905
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
cesanta / mongoose	7.10	7.10.x

https://github.com/cesanta/mongoose/pull/2274
https://github.com/cesanta/mongoose/releases/tag/7.11
https://takeonme.org/cves/CVE-2023-2905.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo