CVE-2019-12951
CRITICALMongoose < 6.15 - Heap-Based Buffer Overflow in parse_mqtt()
Title source: llmDescription
An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/cesanta/mongoose/commit/b3e0f780c34cea88f057a62213c012aa88fe2deb
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/cesanta/mongoose/releases/tag/6.15
Scores
CVSS v3
9.8
EPSS
0.0195
EPSS Percentile
77.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
cesanta/mongoose
< 6.15
Published
Jun 24, 2019
Tracked Since
Feb 18, 2026