CVE-2017-7185

Name of the Vulnerable Software and Affected Versions Cesanta Mongoose Embedded Web Server Library versions 6.7 and earlier Mongoose OS versions 1.2 and earlier

Description The issue is related to a use-after-free vulnerability in the mg http multipart wait for boundary function. This vulnerability can be exploited by sending a multipart/form-data POST request without a MIME boundary string, which can cause a denial of service (crash).

Recommendations For Cesanta Mongoose Embedded Web Server Library versions 6.7 and earlier, update to a version later than 6.7 to resolve the issue. For Mongoose OS versions 1.2 and earlier, update to a version later than 1.2 to resolve the issue. As a temporary workaround, consider restricting access to the mg http multipart wait for boundary function until a patch is available.