The_Evilsocket

Name of the Vulnerable Software and Affected Versions Cesanta Mongoose versions up to 7.20 Description A flaw exists in the TLS 1.3 Handler component of Cesanta Mongoose, specifically within the `mg tls recv cert` function in the `mongoose.c` file. Manipulation of the `pubkey` argument can lead to a heap-based buffer overflow, potentially allowing for remote attacks. Recommendations Upgrade to version 7.21 or later.

Name of the Vulnerable Software and Affected Versions Cesanta Mongoose versions up to 7.20 Description A flaw exists in Cesanta Mongoose up to version 7.20 within the mDNS Record Handler component, specifically in the `handle mdns record` function of the `mongoose.c` file. Manipulation of the `buf` argument can lead to a stack-based buffer overflow. Remote exploitation is possible, but requires a high degree of complexity and is considered difficult. The exploit has been publicly disclosed. Recommendations Upgrade to version 7.21 or later.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose versions prior to 7.21 **Description** A flaw in the P-384 Public Key Handler component, specifically within the `mg tls verify cert signature()` function of the `mongoose.c` file, allows for remote authorization bypass through manipulation. **Recommendations** Update to version 7.21.