Monkey HTTP Server Use-After-Free Vulnerability in String Character Search Function Allowing Denial-of-Service

Vulnerability

A use-after-free vulnerability has been identified in the Monkey HTTP Server, specifically in the mk_string_char_search function within mk_core/mk_string.c. This vulnerability is present in Monkey through commit f37e984. It allows attackers to cause a denial-of-service condition by sending a crafted HTTP request to the server.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the server to become unresponsive or unavailable.

Added: Jan 29, 2026, 8:29 PM

Updated: Jan 29, 2026, 8:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Monkey HTTP Server Use-After-Free Vulnerability in String Character Search Function Allowing Denial-of-Service

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating