CVE-2025-65502

Medium CVSS: 4.3

Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL.

Vendor

Cesanta

Product

Mongoose

CWE

CWE-476

Yayın Tarihi

2025-11-24 14:15:48

Güncelleme

2025-12-12 13:32:49

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-476 Mongoose MEDIUM Cesanta 2025

Referanslar

https://github.com/cesanta/mongoose/issues/3306 https://github.com/cesanta/mongoose/pull/3307

Benzer Kayıtlar

Medium

CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file…

Medium

CVE-2026-2968

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of t…

Medium

CVE-2026-2966

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the…

High

CVE-2025-51495

An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially cr…