Cesanta — Vulnerabilities & Security Advisories 30

Browse all 30 CVE security advisories affecting Cesanta. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Cesanta operates as a software development firm specializing in embedded systems, notably providing the Mongoose web server and MongoDB C driver. These core products are widely integrated into IoT devices and network infrastructure, making their security posture critical for broader ecosystem stability. Historical vulnerability records indicate a prevalence of memory corruption issues, including buffer overflows and use-after-free errors, which frequently lead to remote code execution. While cross-site scripting and privilege escalation have appeared, they are less dominant than low-level memory safety failures. The company has addressed numerous Common Vulnerabilities and Exposures through patches, reflecting an ongoing effort to mitigate risks in resource-constrained environments. No single catastrophic incident has defined their public record, but the cumulative impact of multiple CVEs highlights the challenges of maintaining secure codebases in complex, embedded networking libraries.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6986 | Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification | Mongoose | CWE-347 | 3.7 | Low | 2026-04-25 |
| CVE-2026-6985 | Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop | Mongoose | CWE-835 | 5.3 | Medium | 2026-04-25 |
| CVE-2026-5246 | Cesanta Mongoose P-384 Public Key mongoose.c mg_tls_verify_cert_signature authorization | Mongoose | CWE-639 | 5.6 | Medium | 2026-04-02 |
| CVE-2026-5245 | Cesanta Mongoose mDNS Record mongoose.c handle_mdns_record stack-based overflow | Mongoose | CWE-121 | 5.6 | Medium | 2026-04-02 |
| CVE-2026-5244 | Cesanta Mongoose TLS 1.3 mongoose.c mg_tls_recv_cert heap-based overflow | Mongoose | CWE-122 | 7.3 | High | 2026-04-02 |
| CVE-2018-25193 | Mongoose Web Server 6.9 Denial of Service via Socket Connection | Mongoose Web Server | CWE-1188 | 7.5 | High | 2026-03-06 |
| CVE-2026-2968 | Cesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification | Mongoose | CWE-347 | 3.7 | Low | 2026-02-23 |
| CVE-2026-2967 | Cesanta Mongoose TCP Sequence Number net_builtin.c getpeer verification of source | Mongoose | CWE-940 | 3.7 | Low | 2026-02-23 |
| CVE-2026-2966 | Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values | Mongoose | CWE-330 | 3.7 | Low | 2026-02-23 |
| CVE-2025-0696 | frozen code issue vulnerability | Frozen | CWE-476 | 5.3 | Medium | 2025-01-27 |
| CVE-2025-0695 | frozen security vulnerability | Frozen | CWE-770 | 5.3 | Medium | 2025-01-27 |
| CVE-2024-42392 | Improper Neutralization of Delimiters in Mongoose Web Server library | Mongoose Web Server | CWE-140 | 4.0 | Medium | 2024-11-18 |
| CVE-2024-42391 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | Mongoose Web Server | CWE-823 | 4.3 | Medium | 2024-11-18 |
| CVE-2024-42390 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | Mongoose Web Server | CWE-823 | 4.3 | Medium | 2024-11-18 |
| CVE-2024-42389 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | Mongoose Web Server | CWE-823 | 5.3 | Medium | 2024-11-18 |
| CVE-2024-42388 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | Mongoose Web Server | CWE-823 | 5.3 | Medium | 2024-11-18 |
| CVE-2024-42387 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | Mongoose Web Server | CWE-823 | 5.3 | Medium | 2024-11-18 |
| CVE-2024-42386 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | Mongoose Web Server | CWE-823 | 8.2 | High | 2024-11-18 |
| CVE-2024-42385 | Improper Neutralization of Delimiters in Mongoose Web Server library | Mongoose Web Server | CWE-140 | 4.0 | Medium | 2024-11-18 |
| CVE-2024-42384 | Integer Overflow or Wraparound in Mongoose Web Server library | Mongoose Web Server | CWE-190 | 7.5 | High | 2024-11-18 |
| CVE-2024-42383 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | Mongoose Web Server | CWE-823 | 4.2 | Medium | 2024-11-18 |
| CVE-2023-2905 | Cesanta Mongoose MQTT Message Parsing Heap Overflow | Mongoose | CWE-122 | 9.8 | - | 2023-08-09 |
| CVE-2017-2891 | Cesanta Mongoose security vulnerability | Mongoose | | 9.8 | - | 2017-11-07 |
| CVE-2017-2922 | Cesanta Mongoose security vulnerability | Mongoose | | 9.8 | - | 2017-11-07 |
| CVE-2017-2921 | Cesanta Mongoose numeric error vulnerability | Mongoose | | 9.8 | - | 2017-11-07 |
| CVE-2017-2909 | Cesanta Mongoose security vulnerability | Mongoose | | 7.5 | - | 2017-11-07 |
| CVE-2017-2895 | Cesanta Mongoose numeric error vulnerability | Mongoose | | 9.1 | - | 2017-11-07 |
| CVE-2017-2894 | Cesanta Mongoose buffer error vulnerability | Mongoose | | 9.8 | - | 2017-11-07 |
| CVE-2017-2893 | Cesanta Mongoose security vulnerability | Mongoose | | 7.5 | - | 2017-11-07 |
| CVE-2017-2892 | Cesanta Mongoose numeric error vulnerability | Mongoose | | 9.8 | - | 2017-11-07 |

This page lists every published CVE security advisory associated with Cesanta. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.