PT-2017-15607 · Cesanta · Mongoose

Published

2017-11-07

Updated

2022-06-13

CVE-2017-2909

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Cesanta Mongoose version 6.8

Description A programming error in the DNS server functionality can cause an infinite loop when a specially crafted DNS request is received, resulting in high CPU usage and Denial Of Service. An attacker can trigger this issue by sending a packet over the network.

Recommendations For Cesanta Mongoose version 6.8, consider disabling the DNS server functionality until a patch is available to prevent potential Denial Of Service attacks.

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

CVE-2017-2909

Affected Products

Mongoose

PT-2017-15607 · Cesanta · Mongoose

CVE-2017-2909

Weakness Enumeration

Related Identifiers

Affected Products

References · 6