PT-2026-29715 · Cesanta · Cesanta Mongoose
The_Evilsocket · Published 2026-04-02 · Updated 2026-04-30 · CVE-2026-5245
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cesanta Mongoose versions up to 7.20
Description
A flaw exists in Cesanta Mongoose up to version 7.20 within the mDNS Record Handler component, specifically in the handle_mdns_record function of the mongoose.c file. Manipulation of the buf argument can lead to a stack-based buffer overflow. Remote exploitation is possible, but requires a high degree of complexity and is considered difficult. The exploit has been publicly disclosed.
Recommendations
Upgrade to version 7.21 or later.
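Mongoose is usually vendored as a single mongoose.c/mongoose.h pair, so the upgrade has to be checked per source tree. The following added example (not part of the advisory or of Cesanta's code) walks a directory for mongoose.h and flags copies older than 7.21. It assumes the header carries a `#define MG_VERSION "x.y"` line; the function names are hypothetical.

```python
import os
import re
import sys

FIXED = (7, 21)  # first fixed release according to the advisory
# Assumption: the vendored header defines MG_VERSION as a quoted dotted number.
_VERSION_RE = re.compile(r'^\s*#\s*define\s+MG_VERSION\s+"(\d+(?:\.\d+)*)"', re.M)


def parse_mg_version(header_text):
    """Return MG_VERSION as a tuple of ints, or None if the define is absent."""
    m = _VERSION_RE.search(header_text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version):
    """True when the version predates the fixed release."""
    if version is None:
        return True  # cannot prove it is patched, so flag it for manual review
    # Pad short versions so that (7,) compares as (7, 0).
    padded = version + (0,) * (len(FIXED) - len(version))
    return padded < FIXED


def scan_tree(root):
    """Yield (path, version, affected) for every mongoose.h under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "mongoose.h":
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_mg_version(fh.read())
            yield path, version, is_affected(version)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    findings = list(scan_tree(root))
    for path, version, affected in findings:
        shown = ".".join(map(str, version)) if version else "unknown"
        print(f"{'AFFECTED' if affected else 'ok':8}  {shown:8}  {path}")
    # Non-zero exit lets a CI job fail when an unpatched copy is present.
    sys.exit(1 if any(a for _, _, a in findings) else 0)
```

A header with no recognizable MG_VERSION is reported as affected so that renamed or modified copies get a manual look.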
Fix
Buffer Overflow
Stack Overflow
Affected Products
Cesanta Mongoose