CVE-2017-7185
- Source
- https://cve.org/CVERecord?id=CVE-2017-7185
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7185.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-7185
- Published
- 2017-04-10T15:59:00.503Z
- Modified
- 2026-05-17T11:54:43.049741565Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Use-after-free vulnerability in the mghttpmultipartwaitfor_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "vendor_product": "cesanta:mongoose_os", "extracted_events": [ { "last_affected": "1.2" } ], "cpes": [ "cpe:2.3:o:cesanta:mongoose_os:*:*:*:*:*:*:*:*" ] } ] }- References
-
- http://www.securityfocus.com/archive/1/540355/100/0/threaded
- https://www.exploit-db.com/exploits/41826/
- http://www.securityfocus.com/bid/97370
- https://github.com/cesanta/mongoose-os/commit/042eb437973a202d00589b13d628181c6de5cf5b
- https://github.com/cesanta/mongoose/commit/b8402ed0733e3f244588b61ad5fedd093e3cf9cc
- https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2017-7185_mongoose_os_use_after_free.txt