
Bushraalorainio

Rank: #14580 of 53,632
Total CVSS: 18.6
Vulnerabilities: 2 (High: 1, Critical: 1)

PT-2023-11742 · CVSS 8.8 · 2023-08-22 · Mongoose · Mongoose · CVE-2020-25887

**Name of the Vulnerable Software and Affected Versions**

Mongoose version 6.18

**Description**

A buffer overflow occurs in the `mg_resolve_from_hosts_file` function in Mongoose 6.18 when it reads from a crafted hosts file.

**Recommendations**

For Mongoose version 6.18, consider updating to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2020-16185 · CVSS 9.8 · 2020-09-18 · Cesanta · Mongoose · CVE-2020-25756

**Name of the Vulnerable Software and Affected Versions**

Cesanta Mongoose version 6.18

**Description**

A buffer overflow exists in the `mg_get_http_header` function due to a lack of bounds checking, which can be exploited by a crafted HTTP header.

**Recommendations**

For Cesanta Mongoose version 6.18, consider applying bounds checking to the `mg_get_http_header` function to prevent buffer overflow exploitation. As a temporary workaround, restrict the use of crafted HTTP headers until a patch is available.