Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-a5fa-6njr-dkff

Summary A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been made public and could be used. Upgrading to version 7.21 will fix this issue. The patch is named 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Aliases

alias	CVE-2026-5245

Fixed_packages

url	pkg:deb/debian/mongoose@0?distro=sid
purl	pkg:deb/debian/mongoose@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mongoose@0%3Fdistro=sid

url	pkg:deb/debian/mongoose@7.21%2Bds-2?distro=sid
purl	pkg:deb/debian/mongoose@7.21%2Bds-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mongoose@7.21%252Bds-2%3Fdistro=sid

url	pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3~bpo12%2B1
purl	pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3~bpo12%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3~bpo12%252B1

url	pkg:deb/debian/swupdate@2025.12%2Bdfsg-10~bpo13%2B2
purl	pkg:deb/debian/swupdate@2025.12%2Bdfsg-10~bpo13%2B2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-10~bpo13%252B2

url	pkg:deb/debian/swupdate@2025.12%2Bdfsg-10?distro=trixie
purl	pkg:deb/debian/swupdate@2025.12%2Bdfsg-10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-10%3Fdistro=trixie

url	pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie

url	pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/swupdate@2020.11-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/swupdate@2020.11-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3h5r-u3s3-q3cw

vulnerability	VCID-4qed-ypyn-h7g8

vulnerability	VCID-5eyj-mkr1-jqbc

vulnerability	VCID-8k5u-kan2-bfbp

vulnerability	VCID-a5fa-6njr-dkff

vulnerability	VCID-cj9v-dzp9-5bh7

vulnerability	VCID-es9g-3cr2-4uch

vulnerability	VCID-f75j-a76g-kugg

vulnerability	VCID-gtby-yxnr-xkek

vulnerability	VCID-hhe3-54hd-uuf5

vulnerability	VCID-m2sa-chn1-7uep

vulnerability	VCID-mxz3-pufp-6kc9

vulnerability	VCID-n7j2-ujf3-hfb1

vulnerability	VCID-pwhy-vp1d-dbhs

vulnerability	VCID-t76j-dv6s-xyes

vulnerability	VCID-tyce-5v2b-v3d9

vulnerability	VCID-unah-qwxd-fkhm

vulnerability	VCID-vna9-pan1-27hj

vulnerability	VCID-vr12-852j-8ugs

vulnerability	VCID-wjb8-s5ks-4qek

vulnerability	VCID-ye6t-yc3z-y7e6

vulnerability	VCID-yn62-zvfs-hubf

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2020.11-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/swupdate@2020.11-2%2Bdeb11u1

purl pkg:deb/debian/swupdate@2020.11-2%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3h5r-u3s3-q3cw

vulnerability	VCID-4qed-ypyn-h7g8

vulnerability	VCID-5eyj-mkr1-jqbc

vulnerability	VCID-8k5u-kan2-bfbp

vulnerability	VCID-a5fa-6njr-dkff

vulnerability	VCID-cj9v-dzp9-5bh7

vulnerability	VCID-es9g-3cr2-4uch

vulnerability	VCID-f75j-a76g-kugg

vulnerability	VCID-gtby-yxnr-xkek

vulnerability	VCID-hhe3-54hd-uuf5

vulnerability	VCID-m2sa-chn1-7uep

vulnerability	VCID-mxz3-pufp-6kc9

vulnerability	VCID-n7j2-ujf3-hfb1

vulnerability	VCID-pwhy-vp1d-dbhs

vulnerability	VCID-t76j-dv6s-xyes

vulnerability	VCID-tyce-5v2b-v3d9

vulnerability	VCID-unah-qwxd-fkhm

vulnerability	VCID-vna9-pan1-27hj

vulnerability	VCID-vr12-852j-8ugs

vulnerability	VCID-wjb8-s5ks-4qek

vulnerability	VCID-ye6t-yc3z-y7e6

vulnerability	VCID-yn62-zvfs-hubf

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2020.11-2%252Bdeb11u1

url pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3h5r-u3s3-q3cw

vulnerability	VCID-4qed-ypyn-h7g8

vulnerability	VCID-5eyj-mkr1-jqbc

vulnerability	VCID-8k5u-kan2-bfbp

vulnerability	VCID-a5fa-6njr-dkff

vulnerability	VCID-cj9v-dzp9-5bh7

vulnerability	VCID-f75j-a76g-kugg

vulnerability	VCID-gtby-yxnr-xkek

vulnerability	VCID-hhe3-54hd-uuf5

vulnerability	VCID-m2sa-chn1-7uep

vulnerability	VCID-mxz3-pufp-6kc9

vulnerability	VCID-pwhy-vp1d-dbhs

vulnerability	VCID-vr12-852j-8ugs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2

purl pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3h5r-u3s3-q3cw

vulnerability	VCID-4qed-ypyn-h7g8

vulnerability	VCID-5eyj-mkr1-jqbc

vulnerability	VCID-8k5u-kan2-bfbp

vulnerability	VCID-a5fa-6njr-dkff

vulnerability	VCID-cj9v-dzp9-5bh7

vulnerability	VCID-f75j-a76g-kugg

vulnerability	VCID-gtby-yxnr-xkek

vulnerability	VCID-hhe3-54hd-uuf5

vulnerability	VCID-m2sa-chn1-7uep

vulnerability	VCID-mxz3-pufp-6kc9

vulnerability	VCID-pwhy-vp1d-dbhs

vulnerability	VCID-vr12-852j-8ugs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2

url pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3h5r-u3s3-q3cw

vulnerability	VCID-4qed-ypyn-h7g8

vulnerability	VCID-5eyj-mkr1-jqbc

vulnerability	VCID-8k5u-kan2-bfbp

vulnerability	VCID-a5fa-6njr-dkff

vulnerability	VCID-cj9v-dzp9-5bh7

vulnerability	VCID-f75j-a76g-kugg

vulnerability	VCID-gtby-yxnr-xkek

vulnerability	VCID-m2sa-chn1-7uep

vulnerability	VCID-mxz3-pufp-6kc9

vulnerability	VCID-vr12-852j-8ugs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie

url pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2

purl pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3h5r-u3s3-q3cw

vulnerability	VCID-4qed-ypyn-h7g8

vulnerability	VCID-5eyj-mkr1-jqbc

vulnerability	VCID-8k5u-kan2-bfbp

vulnerability	VCID-a5fa-6njr-dkff

vulnerability	VCID-cj9v-dzp9-5bh7

vulnerability	VCID-f75j-a76g-kugg

vulnerability	VCID-gtby-yxnr-xkek

vulnerability	VCID-m2sa-chn1-7uep

vulnerability	VCID-mxz3-pufp-6kc9

vulnerability	VCID-vr12-852j-8ugs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-5245

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07797
published_at	2026-06-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07841
published_at	2026-06-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07868
published_at	2026-06-06T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07856
published_at	2026-06-05T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.08205
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-5245

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5245
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5245

reference_url

https://github.com/cesanta/mongoose/commit/0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1

reference_id

0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:27:05Z/

url

https://github.com/cesanta/mongoose/commit/0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1

reference_url

https://vuldb.com/vuln/354826

reference_id

354826

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:27:05Z/

url

https://vuldb.com/vuln/354826

reference_url

https://github.com/cesanta/mongoose/releases/tag/7.21

reference_id

7.21

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:27:05Z/

url

https://github.com/cesanta/mongoose/releases/tag/7.21

reference_url

https://vuldb.com/submit/770103

reference_id

770103

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:27:05Z/

url

https://vuldb.com/submit/770103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose::::::::
reference_id	cpe:2.3:a:cesanta:mongoose::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose::::::::

reference_url

https://vuldb.com/vuln/354826/cti

reference_id

cti

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:27:05Z/

url

https://vuldb.com/vuln/354826/cti

reference_url

https://github.com/cesanta/mongoose/

reference_id

mongoose

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:27:05Z/

url

https://github.com/cesanta/mongoose/

Weaknesses

cwe_id	119
name	Improper Restriction of Operations within the Bounds of a Memory Buffer
description	The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

cwe_id	121
name	Stack-based Buffer Overflow
description	A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Exploits

Severity_range_score 5.1 - 6.3

Exploitability 0.5

Weighted_severity 5.7

Risk_score 2.9

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a5fa-6njr-dkff

Vulnerability Instance