Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been made public and could be used. Upgrading to version 7.21 will fix this issue. The patch is named 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
AnalysisAI
Stack-based buffer overflow in Cesanta Mongoose mDNS Record Handler (versions up to 7.20) allows remote attackers to trigger memory corruption via malformed mDNS record data in the handle_mdns_record function. The vulnerability requires high attack complexity and network-level access but results in limited confidentiality, integrity, and availability impact. Publicly available exploit code exists; vendor released patched version 7.21 with immediate availability.
Technical ContextAI
The vulnerability exists in the mDNS (Multicast DNS) record handling component of Mongoose, a lightweight embedded networking library. The root cause is a stack-based buffer overflow (CWE-121) in the handle_mdns_record function of mongoose.c, triggered by improper bounds checking when processing the buf argument during mDNS packet parsing. The affected CPE cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:* indicates all Mongoose versions through 7.20 are vulnerable. mDNS operates at the application layer for service discovery and hostname resolution; the overflow occurs during record deserialization, allowing attackers on the network to craft malicious mDNS packets that overwrite stack memory adjacent to the vulnerable buffer.
RemediationAI
Vendor-released patch: upgrade Cesanta Mongoose to version 7.21 or later. The fix is available at https://github.com/cesanta/mongoose/releases/tag/7.21, with the commit hash 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1 for upstream verification. Immediately update all Mongoose-based applications and embedded systems to version 7.21. No workarounds are documented; patching is the only remediation. Verify the update by checking Mongoose version in application startup logs or embedded firmware manifests. For air-gapped or legacy deployments unable to upgrade immediately, restrict untrusted mDNS traffic at the network boundary (e.g., firewall rules blocking UDP 5353 from external sources).
Mongoose ODM for Node.js before version 8.9.5 contains a search injection vulnerability when using $where filters with p
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. Rated crit
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8.
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8.
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4. Rated critical severity (CVSS 9.8), this vu
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6. Rated critical severity (CVSS 9.8), this vu
An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infin
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. Rated critical severity (CVSS 9.1
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OO
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connect
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18183