{"vulnerability": "CVE-2023-34188", "sightings": [{"uuid": "ce04eddd-0636-429a-b43c-e0e3df886592", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34188", "type": "seen", "source": "Telegram/zrQ78lwl6lVCUd-rwRs9Ml1l5aaG2FNQYpaTIpSuLuFRPBK3", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"}, {"uuid": "e4982965-b6a1-4705-8933-6d8b7d93168a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34188", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5892", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34188\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.\n\ud83d\udccf Published: 2023-06-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-28T13:07:27.141Z\n\ud83d\udd17 References:\n1. https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f\n2. https://github.com/cesanta/mongoose/pull/2197\n3. https://github.com/cesanta/mongoose/compare/7.9...7.10\n4. https://blog.narfindustries.com/blog/narf-discovers-critical-vulnerabilities-in-cesanta-mongoose-http-server", "creation_timestamp": "2025-02-28T13:27:00.000000Z"}]}