The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-06-23T00:00:00
Updated: 2023-09-06T16:32:14.992132
Reserved: 2023-05-30T00:00:00
Link: CVE-2023-34188
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-23T20:15:09.053
Modified: 2023-09-06T17:15:50.190
Link: CVE-2023-34188
JSON object: View
Redhat Information
No data.
CWE