CVE-2018-20352

2019-06-1017:29:02

Google

osv.dev

AI Score

7.8

Confidence

High

EPSS

0.004

Percentile

72.1%

JSON

Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

References

github.com/insi2304/mongoose-6.13-fuzz