The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
History

Mon, 02 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1284
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-06-23T00:00:00

Updated: 2024-12-02T15:00:27.041Z

Reserved: 2023-05-30T00:00:00

Link: CVE-2023-34188

cve-icon Vulnrichment

Updated: 2024-08-02T16:01:54.242Z

cve-icon NVD

Status : Modified

Published: 2023-06-23T20:15:09.053

Modified: 2024-12-02T15:15:08.200

Link: CVE-2023-34188

cve-icon Redhat

No data.