CVE-2023-34188

Name of the Vulnerable Software and Affected Versions Mongoose versions prior to 7.10

Description The issue arises from the HTTP server in Mongoose accepting requests with negative Content-Length headers. This can be exploited by an attacker sending a single malicious payload over TCP, causing the server to enter an infinite loop where it continuously reparses the payload and fails to respond to other requests.

Recommendations For versions prior to 7.10, update to version 7.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP server to minimize the risk of exploitation.