| タイトル | Cesanta Mongoose Embedded Web Server 7.20 Improper Validation of Specified Index, Position, or Offset in I |
|---|
| 説明 | The built-in TCP/IP stack (MIP) in Mongoose accepts TCP RST packets without validating the source IP address or the sequence number thus allowing an attacker to terminate arbitrary TCP sessions.
The getpeer() function in /src/net_builtin.c matches incoming TCP segments to existing connections using only the port pair (source port, destination port), ignoring the source IP address entirely. Once a connection is matched, the rx_tcp() function immediately terminates the connection upon seeing the RST flag without checking whether the segment's sequence number falls within the valid receive window. This violates RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks) and allows any host on the network to terminate arbitrary TCP connections by sending a single forged RST packet with the correct port pair and any source IP or sequence number. |
|---|
| ソース | ⚠️ https://github.com/dwBruijn/CVEs/blob/main/Mongoose/tcp_rst.md |
|---|
| ユーザー | dwbruijn (UID 93926) |
|---|
| 送信 | 2026年02月10日 18:28 (3 月 ago) |
|---|
| モデレーション | 2026年02月22日 08:57 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 347334 [Cesanta Mongoose 迄 7.20 TCP Sequence Number /src/net_builtin.c getpeer サービス拒否] |
|---|
| ポイント | 20 |
|---|