CVE-2017-2921

Name of the Vulnerable Software and Affected Versions Cesanta Mongoose version 6.8

Description A memory corruption issue exists in the Websocket protocol implementation. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow, which may result in denial of service and potential remote code execution. An attacker can trigger this issue by sending a specially crafted websocket packet over the network.

Recommendations For Cesanta Mongoose version 6.8, consider disabling the Websocket protocol implementation until a patch is available. Restrict access to the network to minimize the risk of exploitation. Avoid using the vulnerable Websocket protocol implementation in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.