Bug 1508837 (CVE-2017-2891, CVE-2017-2892, CVE-2017-2893, CVE-2017-2894, CVE-2017-2895, CVE-2017-2909, CVE-2017-2921, CVE-2017-2922) - CVE-2017-2892 CVE-2017-2891 CVE-2017-2909 CVE-2017-2922 CVE-2017-2921 CVE-2017-2895 CVE-2017-2894 CVE-2017-2893 mongoose: Multiple vulnerabilities fixed in version 6.8
Summary: CVE-2017-2892 CVE-2017-2891 CVE-2017-2909 CVE-2017-2922 CVE-2017-2921 CVE-201...
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2017-2891, CVE-2017-2892, CVE-2017-2893, CVE-2017-2894, CVE-2017-2895, CVE-2017-2909, CVE-2017-2921, CVE-2017-2922
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1491143 1491144
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-02 10:40 UTC by Andrej Nemec
Modified: 2019-09-29 14:24 UTC (History)
2 users (show)

Fixed In Version: mongoose 6.8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:30:13 UTC
Embargoed:


Attachments (Terms of Use)

Description Andrej Nemec 2017-11-02 10:40:20 UTC
CVE-2017-2892

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0399

CVE-2017-2891

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0398

CVE-2017-2909

An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416

CVE-2017-2922

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0429

CVE-2017-2921

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow resulting leading to heap buffer overflow resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0428

CVE-2017-2895

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of=bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0402

CVE-2017-2894

An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0401

CVE-2017-2893

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0400

Comment 1 Andrej Nemec 2017-11-02 10:40:55 UTC
Created mongoose tracking bugs for this issue:

Affects: epel-6 [bug 1491143]
Affects: fedora-all [bug 1491144]

Comment 2 Product Security DevOps Team 2019-06-08 03:30:13 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.


Note You need to log in before you can comment on or make changes to this bug.