The HTTP server in Mongoose before 7.10 accepts requests whose Content-Length header carries a negative value. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload and stops responding to any other requests, resulting in a denial of service.
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34188.json"
[
{
"digest": {
"function_hash": "22924329069955829796574876128538256974",
"length": 1849.0
},
"id": "CVE-2023-34188-0b5ab165",
"signature_type": "Function",
"source": "https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f",
"target": {
"function": "mg_http_parse",
"file": "mongoose.c"
},
"deprecated": false,
"signature_version": "v1"
},
{
"digest": {
"line_hashes": [
"129576276661233070448620185355840971472",
"98595833391322836779939114508353504194",
"184857933725410272994378387566191224185",
"158528054727880270501243412856776060789"
],
"threshold": 0.9
},
"id": "CVE-2023-34188-2d87afb1",
"signature_type": "Line",
"source": "https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f",
"target": {
"file": "test/unit_test.c"
},
"deprecated": false,
"signature_version": "v1"
},
{
"digest": {
"function_hash": "174471736489639667752347908931053555599",
"length": 8772.0
},
"id": "CVE-2023-34188-56b35355",
"signature_type": "Function",
"source": "https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f",
"target": {
"function": "test_http_server",
"file": "test/unit_test.c"
},
"deprecated": false,
"signature_version": "v1"
},
{
"digest": {
"line_hashes": [
"336041179814736780083971292354306731754",
"116630214407399927492574344093172757706",
"125174433765152709460455876025853153304",
"157787091326085411331468482148866876748"
],
"threshold": 0.9
},
"id": "CVE-2023-34188-6aa83513",
"signature_type": "Line",
"source": "https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f",
"target": {
"file": "src/http.c"
},
"deprecated": false,
"signature_version": "v1"
},
{
"digest": {
"function_hash": "22924329069955829796574876128538256974",
"length": 1849.0
},
"id": "CVE-2023-34188-9c0f860a",
"signature_type": "Function",
"source": "https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f",
"target": {
"function": "mg_http_parse",
"file": "src/http.c"
},
"deprecated": false,
"signature_version": "v1"
},
{
"digest": {
"line_hashes": [
"336041179814736780083971292354306731754",
"116630214407399927492574344093172757706",
"125174433765152709460455876025853153304",
"157787091326085411331468482148866876748"
],
"threshold": 0.9
},
"id": "CVE-2023-34188-f3401c9c",
"signature_type": "Line",
"source": "https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f",
"target": {
"file": "mongoose.c"
},
"deprecated": false,
"signature_version": "v1"
}
]