CVE-2017-2922

Name of the Vulnerable Software and Affected Versions Cesanta Mongoose version 6.8

Description A memory corruption issue exists in the Websocket protocol implementation. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers, leading to a use-after-free issue that can be exploited for remote code execution. An attacker can trigger this by sending a specially crafted websocket packet over the network.

Recommendations For Cesanta Mongoose version 6.8, as a temporary workaround, consider disabling the Websocket protocol implementation until a patch is available. Restrict access to the Websocket functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.