OSV-2025-994

Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mongoose/OSV-2025-994.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-994
Published
2025-12-18T00:00:43.710332Z
Modified
2025-12-21T14:32:46.078182Z
Summary
Heap-buffer-overflow in rx_icmp
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=469520969

Crash type: Heap-buffer-overflow READ 1
Crash state:
rx_icmp
mg_tcpip_rx
fuzz.c
References

Affected packages

OSS-Fuzz / mongoose

Package

Name
mongoose
Purl
pkg:generic/mongoose

Affected ranges

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

introduced_range

"a49eb47a91ad63dcd378d1fa8ba3baf92e77afd9:5c582c35d82d73cfe16430d5d67268528e08b576"

fixed_range

"16d8e3b4f9356e69ba6f78d8e61f3c924411327d:63da5aa40393f701fda9d6401e009c7de359be90"