CVE-2017-2922: Use After Free
First published: Tue Nov 07 2017(Updated: )
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cesanta Mongoose | =6.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2017-2922?
CVE-2017-2922 is a memory corruption vulnerability in the Websocket protocol implementation of Cesanta Mongoose 6.8.
How severe is CVE-2017-2922?
CVE-2017-2922 has a severity rating of 9.8/10, indicating a critical vulnerability.
What software is affected by CVE-2017-2922?
Cesanta Mongoose 6.8 is affected by CVE-2017-2922.
How can CVE-2017-2922 be exploited?
CVE-2017-2922 can be exploited by sending a specially crafted websocket packet to trigger a use-after-free vulnerability.
Is there a fix available for CVE-2017-2922?
There is no specific fix mentioned for CVE-2017-2922, but applying the latest updates or patches from the vendor may address the vulnerability.
- collector/nvd-index
- vendor/cesanta
- canonical/cesanta mongoose
- version/cesanta mongoose/6.8