Cve-Reporting

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose HTTP server version 7.0 **Description** The issue concerns a remote out-of-bounds (OOB) write attack via a connection request after exhausting the memory pool. This is specifically related to the `mg http serve file` function. **Recommendations** For Cesanta Mongoose HTTP server version 7.0, consider restricting access to the `mg http serve file` function until a patch is available. As a temporary workaround, review and adjust memory pool management to prevent exhaustion and minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose HTTPS server version 7.0 **Description** The issue concerns a remote out-of-bounds (OOB) write attack via a connection request after exhausting the memory pool. This is related to the `mg tls init` function in the Cesanta Mongoose HTTPS server when compiled with OpenSSL support. **Recommendations** For Cesanta Mongoose HTTPS server version 7.0, consider disabling the `mg tls init` function as a temporary workaround until a patch is available. Restrict access to the server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libmysofa library versions 0.5 through 1.1 Description: The issue arises from incorrect handling of input data in the loudness function within the libmysofa library, leading to a heap buffer overflow and access to an unallocated memory block. Recommendations: For libmysofa library versions 0.5 through 1.1, as a temporary workaround, consider disabling the loudness function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Symonics libmysofa versions 0.5 through 1.1 Description: The issue allows attackers to execute arbitrary code via a crafted SOFA file, due to a buffer overflow in the `readDataVar` function in `hdf/dataobject.c`. Recommendations: For versions 0.5 through 1.1, consider disabling the `readDataVar` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libmysofa versions 0.5 through 1.1 Description: The issue arises from incorrect handling of input data in the `mysofa resampler reset mem` function, leading to a heap buffer overflow and the potential overwriting of a large memory block. Recommendations: For libmysofa versions 0.5 through 1.1, consider disabling the `mysofa resampler reset mem` function as a temporary workaround until a patch is available.