GCVE - cpe:2.3:a:cesanta:mongoose:6.13:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cesanta:mongoose:6.13:*:*:*:*:*:*:*

part: a version: 6.13 update: *

Vendor	Cesanta (`91223ef9-9be1-51ca-9999-b3190ce9965d`)
Product	Mongoose (`749d186c-b6b5-5dfe-a2fa-a74c5ea145b3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/cesanta/mongoose`	purl2cpe	2026-06-01 10:17:36.212261
`pkg:rpm/fedora/mongoose`	purl2cpe	2026-06-01 10:17:36.212263
`pkg:rpm/opensuse/mongoose`	purl2cpe	2026-06-01 10:17:36.212264
`pkg:sourceforge/mongoose-emb-web-server.mirror`	purl2cpe	2026-06-01 10:17:36.212265

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-19587`	vulnerable	2026-06-08 05:11:15.904704	Details available In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function. Published: 2018-11-27T07:00:00.000Z Updated: 2024-08-05T11:37:11.626Z Open on db.gcve.eu Reference links https://github.com/insi2304/mongoose-fuzz	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18765`	vulnerable	2026-06-08 05:11:14.669115	Details available An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Published: 2018-10-28T19:00:00.000Z Updated: 2024-08-05T11:16:00.424Z Open on db.gcve.eu Reference links https://twitter.com/thracky/status/1059472674940993541 https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20mg_mqtt_next_subscribe_topic%20heap%20buffer%20overflow.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18764`	vulnerable	2026-06-08 05:11:14.668645	Details available An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Published: 2018-10-28T19:00:00.000Z Updated: 2024-09-16T19:05:17.970Z Open on db.gcve.eu Reference links https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20getu16%20heap%20buffer%20overflow2.md https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20getu16%20heap%20buffer%20overflow1.md	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.