CVE-2018-20352

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
10/06/2019
Last modified:
17/06/2026

Description

Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:cesanta:mongoose_embedded_web_server_library:*:*:*:*:*:*:*:* 6.13 (including)