The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
Metrics
Affected Vendors & Products
References
History
Mon, 02 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-1284 | |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-06-23T00:00:00
Updated: 2024-12-02T15:00:27.041Z
Reserved: 2023-05-30T00:00:00
Link: CVE-2023-34188
Vulnrichment
Updated: 2024-08-02T16:01:54.242Z
NVD
Status : Modified
Published: 2023-06-23T20:15:09.053
Modified: 2024-12-02T15:15:08.200
Link: CVE-2023-34188
Redhat
No data.