CVE-2017-2891

Name of the Vulnerable Software and Affected Versions Cesanta Mongoose version 6.8

Description A use-after-free issue exists in the HTTP server implementation, potentially allowing remote code execution. This can be triggered by an ordinary HTTP POST request with a CGI target, causing a reuse of a previously freed pointer. An attacker can exploit this by sending a crafted HTTP request over the network.

Recommendations For Cesanta Mongoose version 6.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.