CVE-2023-34188
CVSS 3.1 base score: 7.5 (HIGH)
EPSS: 0.11%
Description
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
How to fix CVE-2023-34188
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/swupdate—no fix listed
Is CVE-2023-34188 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- affected from version 0 onward (no fixed version published)
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |