CVE-2021-27425

Name of the Vulnerable Software and Affected Versions Cesanta Software Mongoose-OS version 2.17.0

Description The issue is related to an integer wrap-around in the mm malloc function, leading to improper memory assignment. This can result in arbitrary memory allocation, causing unexpected behavior such as a crash or remote code injection/execution. The vulnerability can be exploited by a remote attacker to cause a denial of service or execute arbitrary code.

Recommendations For Cesanta Software Mongoose-OS version 2.17.0, consider disabling the mm malloc function as a temporary workaround until a patch is available. Restrict access to sensitive areas of the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.