CVE-2021-26528

Name of the Vulnerable Software and Affected Versions Cesanta Mongoose HTTP server version 7.0

Description The issue concerns a remote out-of-bounds (OOB) write attack via a connection request after exhausting the memory pool. This is specifically related to the mg http serve file function.

Recommendations For Cesanta Mongoose HTTP server version 7.0, consider restricting access to the mg http serve file function until a patch is available. As a temporary workaround, review and adjust memory pool management to prevent exhaustion and minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.