CNNVD-202509-4391 Information

CNNVD ID

CNNVD-202509-4391

Related CVE

CVE-2025-51495

• CNNVD Published: 2025-09-29

Description (Chinese)

Mongoose是Automattic开源的一个 MongoDB 对象建模，旨在在异步环境中工作。 Mongoose 7.5版本至7.17版本存在安全漏洞，该漏洞源于WebSocket组件存在整数溢出，可能导致应用程序崩溃或缓冲区溢出。

Description (English)

Mongoose is a MongoDB object model from Automattic open source, designed to work in a walk-in environment. There is a security loophole in Mongoose versions 7.5 to 7.17, which stems from the integer spill of the WebSocket component, which could lead to an application collapse or a buffer zone spill.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Automattic

Published

2025-09-29

Last Modified

2026-02-24

References

http://mongoose.com https://github.com/cainiao159357/CVE-2025-51495 https://github.com/cesanta/mongoose https://github.com/cesanta/mongoose/pull/3131

Patch

https://github.com/cesanta/mongoose/releases