Monkey HTTP Server Out-of-Bounds Read Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the Monkey HTTP Server, specifically in the mk_ptr_to_buf function within mk_core/mk_memory.c. This issue arises from an out-of-bounds read, which can be exploited by sending a crafted HTTP request to the server. The vulnerability is present in Monkey through commit f37e984.

Impact

Exploitation of this vulnerability causes a denial-of-service condition on the server.

Added: Jan 29, 2026, 8:29 PM

Updated: Jan 29, 2026, 8:29 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

8.3

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

8.3

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Monkey HTTP Server Out-of-Bounds Read Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Affected Products

Monkey

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating