CVE-2018-20352

2019-06-1016:15:42

mitre

www.cve.org

AI Score

8.9

Confidence

High

EPSS

0.004

Percentile

72.1%

JSON

Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

References

github.com/insi2304/mongoose-6.13-fuzz