
Philipp Promeuschel

Researcher from Compass Security
#34365 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2017-17564
7.5
2017-04-10
Cesanta · Mongoose Os · CVE-2017-7185
**Name of the Vulnerable Software and Affected Versions**

Cesanta Mongoose Embedded Web Server Library versions 6.7 and earlier

Mongoose OS versions 1.2 and earlier

**Description**

The issue is a use-after-free vulnerability in the `mg_http_multipart_wait_for_boundary` function. It can be triggered by sending a multipart/form-data POST request without a MIME boundary string, which can cause a denial of service (crash).

**Recommendations**

For Cesanta Mongoose Embedded Web Server Library versions 6.7 and earlier, update to a version later than 6.7 to resolve the issue.

For Mongoose OS versions 1.2 and earlier, update to a version later than 1.2 to resolve the issue.

As a temporary workaround, consider restricting access to the `mg_http_multipart_wait_for_boundary` function until a patch is available.