OSV-2026-216

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mongoose/OSV-2026-216.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-216
Published
2026-02-10T00:08:51.349946Z
Modified
2026-02-11T14:08:38.238200Z
Summary
Heap-buffer-overflow in mg_mqtt_next_prop
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=482698892

Crash type: Heap-buffer-overflow READ 1
Crash state:
mg_mqtt_next_prop
fuzz.c
References

Affected packages

OSS-Fuzz / mongoose

Package

Name
mongoose
Purl
pkg:generic/mongoose

Affected ranges

Type
GIT
Repo
https://github.com/cesanta/mongoose
Events
Introduced
c083f204fc16284f67d0d17e63cf21f53630d58c
Fixed
cc617d537d151fcba9d5f24fc79cb523dda55a55
Fixed
205d4c6832fe5eb8d9642de24af8a5e327be0cbc

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

introduced_range 
"70d268d95f7f0764ff23351bf84fa3359af45eb5:ba768693edf63ce452e7808ff5ccf5b92a8ccbca"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mongoose/OSV-2026-216.yaml"
fixed_range 
"ba768693edf63ce452e7808ff5ccf5b92a8ccbca:cc617d537d151fcba9d5f24fc79cb523dda55a55"