Mongoose · Mongoose · CVE-2023-34188
**Name of the Vulnerable Software and Affected Versions**
Mongoose versions prior to 7.10
**Description**
The issue arises from the HTTP server in Mongoose accepting requests with negative Content-Length headers. This can be exploited by an attacker sending a single malicious payload over TCP, causing the server to enter an infinite loop where it continuously reparses the payload and fails to respond to other requests.
**Recommendations**
For versions prior to 7.10, update to version 7.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP server to minimize the risk of exploitation.