Cesanta Mongoose Heap-Based Buffer Overflow Vulnerability in TLS 1.3 Handler

Vulnerability

A heap-based buffer overflow vulnerability has been identified in Cesanta Mongoose versions prior to 7.21. The issue arises in the TLS 1.3 handler, specifically within the `mg_tls_recv_cert` function in `mongoose.c`. The vulnerability allows remote exploitation by manipulating the `pubkey` argument, leading to a buffer overflow that overwrites adjacent memory on the heap. This vulnerability has been publicly disclosed and is actively exploitable, with a proof-of-concept exploit available.

Impact

Exploitation of this vulnerability allows for remote code execution by overwriting the `mg_connection->fn` function pointer with the address of attacker-controlled shellcode, which is executed when the connection is closed.

Reproduction

The vulnerability can be reproduced by sending a crafted X.509 certificate with an oversized RSA modulus during a TLS 1.3 handshake. This certificate is processed by the `mg_tls_recv_cert` function, where the excessive modulus size overflows a fixed-size buffer, writing arbitrary data into the `mg_connection` struct. Once the overflowed data includes a pointer to shellcode, the `mg_error` function can be called to execute the shellcode, achieving remote code execution.

Remediation

Users are advised to upgrade to Cesanta Mongoose version 7.21, which addresses this vulnerability. The patched version is available on the Cesanta Mongoose GitHub releases page.
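Because Mongoose is usually vendored as a single `mongoose.c`/`mongoose.h` pair rather than installed as a package, the practical remediation step is locating every embedded copy and confirming its version. The following script is an added example, not part of this advisory or of the Mongoose project; it assumes each vendored header defines the `MG_VERSION` macro as a string literal (for example `#define MG_VERSION "7.21"`) and flags any copy older than 7.21.

```python
"""Inventory check: flag vendored Cesanta Mongoose copies older than 7.21.

Added example; not part of the advisory or the Mongoose project. Assumes the
vendored mongoose.h defines MG_VERSION as a string literal such as
    #define MG_VERSION "7.21"
"""
import os
import re
import sys
from typing import Iterator, List, Optional, Tuple

# First release that ships the fix, per the advisory text ("prior to 7.21").
FIXED_VERSION: Tuple[int, int, int] = (7, 21, 0)

# Matches the version macro in mongoose.h; tolerant of 2- or 3-part versions.
_MG_VERSION_RE = re.compile(
    r'^\s*#\s*define\s+MG_VERSION\s+"(\d+)\.(\d+)(?:\.(\d+))?"', re.MULTILINE
)


def parse_mg_version(header_text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a mongoose.h body, or None if absent."""
    m = _MG_VERSION_RE.search(header_text)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """Versions prior to 7.21 are affected; 7.21 and later carry the fix."""
    return version < FIXED_VERSION


def find_headers(root: str) -> Iterator[str]:
    """Yield every file named mongoose.h under root (vendored copies included)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == "mongoose.h":
                yield os.path.join(dirpath, name)


def scan_tree(root: str) -> List[Tuple[str, str, Optional[bool]]]:
    """Return (path, version_string, vulnerable) for each mongoose.h found.

    Files without a recognisable MG_VERSION are reported as "unknown" with
    vulnerable=None so they get manual review rather than silently passing.
    """
    results: List[Tuple[str, str, Optional[bool]]] = []
    for path in find_headers(root):
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            version = parse_mg_version(fh.read())
        if version is None:
            results.append((path, "unknown", None))
        else:
            results.append((path, ".".join(map(str, version)), is_vulnerable(version)))
    return results


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    findings = scan_tree(scan_root)
    for found_path, ver, vuln in findings:
        status = {True: "VULNERABLE", False: "ok", None: "REVIEW"}[vuln]
        print(f"{status:10} {ver:8} {found_path}")
    # Non-zero exit if any affected copy was found, so the check can gate a CI job.
    sys.exit(1 if any(v is True for _, _, v in findings) else 0)
```

Run it against a source tree (`python mg_version_check.py /path/to/repo`); the non-zero exit status on any affected copy makes it usable as a build gate until every vendored copy has been moved to 7.21 or later. Copies whose header has been stripped of the macro are reported for review rather than assumed safe.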

Added: Apr 2, 2026, 8:20 AM
Updated: Apr 2, 2026, 8:20 AM

Vulnerability Rating

Custom Algorithm

spread          3.1
impact          7.5
exploitability  8.9
remediation     7.7
relevance       5.2
threat          6.4
urgency         2.9
incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.