CVE-2017-2921: Integer Overflow
First published: Tue Nov 07 2017(Updated: )
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cesanta Mongoose | =6.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2017-2921.
What is the severity of CVE-2017-2921?
The severity of CVE-2017-2921 is critical with a severity value of 9.8.
What is the affected software in CVE-2017-2921?
The affected software in CVE-2017-2921 is Cesanta Mongoose version 6.8.
How does CVE-2017-2921 work?
CVE-2017-2921 is a memory corruption vulnerability in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution.
Is there a fix available for CVE-2017-2921?
At the moment, there is no information available regarding a specific fix for CVE-2017-2921. It is recommended to stay updated with the latest security patches and advisories from the vendor.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/cesanta
- canonical/cesanta mongoose
- version/cesanta mongoose/6.8