CVE-2026-5244
Heap-Based Buffer Overflow in Cesanta Mongoose TLS 1.3 Handler
Publication date: 2026-04-02
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cesanta | mongoose | From 7.0 (inc) to 7.21 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Cesanta Mongoose 7.0 through 7.20 and sits in the TLS 1.3 handler, in the function mg_tls_recv_cert in mongoose.c. Manipulation of the pubkey argument processed by that function leads to a heap-based buffer overflow: more data is written to a heap-allocated buffer than it can hold, so adjacent heap memory can be overwritten.
The vulnerability is exploitable remotely. An attacker needs no local access and only has to act as the TLS peer whose certificate the handler processes. The issue has been publicly disclosed, and version 7.21 contains the fix.
How can this vulnerability impact me?
Because the overflow is in the TLS 1.3 handler's certificate processing, it is reached during the handshake, before the peer has been authenticated and before any application data is exchanged. The consequences depend on what the overflow overwrites and on the target's heap layout and mitigations: at minimum a crash of the process handling TLS connections (denial of service), at worst remote code execution in that process.
Exploitation can therefore compromise the confidentiality, integrity, and availability of the affected system. Embedded devices and services that terminate TLS with Mongoose's handler and accept connections from untrusted networks are the most exposed.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
No detection commands or network signatures for this issue are provided in the available resources. The dependable check is inventory: Mongoose is usually vendored into a product as a single mongoose.c/mongoose.h pair, and mongoose.h defines the MG_VERSION macro, so any copy reporting a version from 7.0 up to but not including 7.21 is affected. Also check whether the build actually compiles in the TLS 1.3 handler, since Mongoose selects its TLS support at build time.
On the wire, the trigger is malformed certificate data in a TLS 1.3 handshake. Crashes of processes that terminate TLS with Mongoose, or handshake failures logged with unusual certificate contents, are worth investigating, but network monitoring cannot reliably distinguish a malicious certificate from a benign one without a specific signature, and none is available.
What immediate steps should I take to mitigate this vulnerability?
The recommended mitigation is to upgrade Cesanta Mongoose to version 7.21 or later, which contains the fix.
The fix is commit 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1 in the Mongoose repository; it introduces strict input validation and buffer size checks that prevent the heap-based buffer overflow. Because Mongoose is typically vendored as a mongoose.c/mongoose.h pair, every vendored copy in a product's source tree has to be updated, not just the one in the main build.
If upgrading immediately is not possible, reduce exposure by restricting which peers can reach the affected endpoint's TLS handshake at all (network ACLs, a VPN, or a reverse proxy that terminates TLS in front of Mongoose), since the overflow is triggered by data the peer sends during the handshake rather than by anything that requires authentication.
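As an added example (not part of the original advisory or of Mongoose itself), the following POSIX shell script answers the detection question above by inventorying vendored copies of Mongoose in a source tree and flagging any whose MG_VERSION falls in the affected range; the flagged paths are also exactly the copies the upgrade step has to cover. It assumes each vendored copy ships a mongoose.h that defines MG_VERSION as a quoted string (which is how Mongoose 7.x publishes its version); the sample tree it creates when run without arguments is constructed for the demonstration and contains no real project files.

```shell
#!/bin/sh
# Added example: inventory vendored copies of Cesanta Mongoose and flag those
# in the affected range for CVE-2026-5244 (7.0 <= version < 7.21).
# Assumes each copy ships a mongoose.h that defines MG_VERSION as a quoted
# string, which is how Mongoose 7.x publishes its version.

# Exit 0 if version $1 is affected (major 7, minor 0..20), non-zero otherwise.
mg_version_affected() {
  case "$1" in
    *.*) ;;            # need at least "major.minor"
    *) return 1 ;;
  esac
  major=${1%%.*}
  rest=${1#*.}
  minor=${rest%%.*}
  [ "$major" = "7" ] &&
    [ "$minor" -ge 0 ] 2>/dev/null &&
    [ "$minor" -lt 21 ] 2>/dev/null
}

# Print the MG_VERSION string from a mongoose.h; prints nothing if absent.
mg_header_version() {
  sed -n 's/^#define[[:space:]]*MG_VERSION[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    head -n 1
}

# Walk a source tree and print "path<TAB>version<TAB>AFFECTED|ok" per copy.
# Files named mongoose.h that carry no MG_VERSION are skipped.
scan_tree() {
  find "$1" -type f -name mongoose.h | while read -r hdr; do
    ver=$(mg_header_version "$hdr")
    [ -n "$ver" ] || continue
    if mg_version_affected "$ver"; then
      printf '%s\t%s\tAFFECTED\n' "$hdr" "$ver"
    else
      printf '%s\t%s\tok\n' "$hdr" "$ver"
    fi
  done
}

# Constructed sample tree (not real project files): one vulnerable vendored
# copy, one fixed copy, and an unrelated header without MG_VERSION.
make_sample_tree() {
  dir=$(mktemp -d)
  mkdir -p "$dir/firmware/third_party" "$dir/tools/deps" "$dir/other"
  printf '#define MG_VERSION "7.14"\n' > "$dir/firmware/third_party/mongoose.h"
  printf '#define MG_VERSION "7.21"\n' > "$dir/tools/deps/mongoose.h"
  printf '/* not mongoose */\n' > "$dir/other/mongoose.h"
  printf '%s' "$dir"
}

if [ $# -gt 0 ]; then
  scan_tree "$1"                     # real run: sh mg_scan.sh /path/to/source
else
  scan_tree "$(make_sample_tree)"    # demo run against the constructed tree
fi
```

Run it as `sh mg_scan.sh /path/to/source` against a real tree. If you build Mongoose from a Git checkout rather than a vendored copy, the equivalent check is whether the fix commit is an ancestor of what you build: `git merge-base --is-ancestor 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1 HEAD` exits 0 when it is. Neither check tells you whether the TLS 1.3 handler is actually compiled into your binary; Mongoose selects its TLS support at build time through the MG_TLS setting, so check that as well before deciding a copy in range is exploitable in your product.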
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
A remotely exploitable heap-based buffer overflow in the TLS 1.3 handler of Cesanta Mongoose up to version 7.20 can lead to unauthorized access, data corruption, or denial of service, affecting the confidentiality, integrity, and availability of the data the affected system handles.
The available information does not mention GDPR or HIPAA specifically, but a flaw that undermines TLS and allows remote exploitation weakens the technical protection of personal or sensitive data that such regulations require: GDPR's obligations on security of processing and breach notification, and HIPAA's safeguards for protected health information.
Upgrading to version 7.21 or later removes the issue and is the remediation to record for compliance purposes.