Aggregates CVE and vulnerability intelligence across all monkey-project-related products, including CVSS scores, EPSS percentages, and publication and update dates.

Historical issues involve various input-handling and memory-safety problems that may affect software stability and security.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-63658 | A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | [email protected] | 7.5 | 0.41% | 2026-01-29 | 2026-02-13 |
| CVE-2025-63657 | An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | [email protected] | 7.5 | 1.31% | 2026-01-29 | 2026-02-13 |
| CVE-2025-63656 | An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | [email protected] | 7.5 | 1.31% | 2026-01-29 | 2026-02-13 |
| CVE-2025-63655 | A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | [email protected] | 7.5 | 1.29% | 2026-01-29 | 2026-02-13 |
| CVE-2025-63653 | An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | [email protected] | 7.5 | 1.31% | 2026-01-29 | 2026-02-13 |
| CVE-2025-63652 | A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | [email protected] | 7.5 | 1.31% | 2026-01-29 | 2026-02-13 |
| CVE-2025-63651 | A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | [email protected] | 7.5 | 1.22% | 2026-01-29 | 2026-02-19 |
| CVE-2025-63650 | An out-of-bounds read in the mk_ptr_to_buf function (mk_core/mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | [email protected] | 7.5 | 1.31% | 2026-01-29 | 2026-02-19 |
| CVE-2025-63649 | An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server. | [email protected] | 7.5 | 0.02% | 2026-01-29 | 2026-02-19 |
| CVE-2013-2183 | Monkey HTTP Daemon has local security bypass | [email protected] | 7.1 | 0.10% | 2019-12-10 | 2024-11-21 |
| CVE-2013-2159 | Monkey HTTP Daemon: broken user name authentication | [email protected] | 9.8 | 0.46% | 2019-12-10 | 2024-11-21 |
| CVE-2013-1771 | The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on Gentoo. | [email protected] | 7.5 | 0.39% | 2019-11-07 | 2024-11-21 |
| CVE-2014-5336 | Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message. | [email protected] | 4.3 | 1.14% | 2014-08-26 | 2026-05-06 |
| CVE-2013-3843 | Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header. | [email protected] | 6.8 | 40.15% | 2014-06-13 | 2026-05-06 |
| CVE-2013-2182 | The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash. | [email protected] | 5.8 | 10.81% | 2014-06-13 | 2026-05-06 |
| CVE-2013-2163 | Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header. | [email protected] | 5.0 | 0.75% | 2014-06-13 | 2026-05-06 |
| CVE-2013-3724 | The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request. | [email protected] | 5.0 | 8.87% | 2013-08-01 | 2026-04-29 |
| CVE-2013-2181 | Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name. | [email protected] | 4.3 | 0.25% | 2013-07-29 | 2026-04-29 |
| CVE-2012-5303 | Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname. | [email protected] | 6.9 | 0.04% | 2012-10-05 | 2026-04-29 |
| CVE-2012-4442 | Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check. | [email protected] | 4.7 | 0.06% | 2012-10-05 | 2026-04-29 |