CVE-2025-63655

High CVSS: 7.5

A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.

Vendor

Monkey-project

Product

Monkey

CWE

CWE-476

Yayın Tarihi

2026-01-29 20:16:08

Güncelleme

2026-02-13 20:34:11

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-476 Monkey HIGH Monkey-project 2026

Referanslar

https://github.com/archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md https://github.com/monkey/monkey/issues/427

Benzer Kayıtlar

High

CVE-2025-63656

An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers…

High

CVE-2025-63657

An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attacke…

High

CVE-2025-63658

A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to…

High

CVE-2025-63649

An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commi…

High

CVE-2025-63650

An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers t…

High

CVE-2025-63651

A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers t…