CVE-2021-26529

Name of the Vulnerable Software and Affected Versions Cesanta Mongoose HTTPS server versions 6.7 through 7.0

Description The mg tls init function in the Cesanta Mongoose HTTPS server is vulnerable to a remote out-of-bounds (OOB) write attack via a connection request after exhausting the memory pool. This issue affects servers compiled with mbedTLS support.

Recommendations For versions 6.7 through 7.0, consider disabling the mg tls init function as a temporary workaround until a patch is available. Restrict access to the affected server to minimize the risk of exploitation. Avoid using the affected server for critical operations until the issue is resolved.