CVE-2024-42385

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*

History

19 Nov 2024, 17:54

Type Values Removed Values Added
CPE cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other
First Time Cesanta mongoose
Cesanta
References () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42385 - () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42385 - Third Party Advisory
CVSS v2 : unknown
v3 : 4.0
v2 : unknown
v3 : 7.0

18 Nov 2024, 17:11

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de neutralización incorrecta de delimitadores en Cesanta Mongoose Web Server v7.14 permite activar una escritura en memoria fuera de los límites si el certificado PEM contiene caracteres inesperados.

18 Nov 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-18 10:15

Updated : 2024-11-19 17:54


NVD link : CVE-2024-42385

Mitre link : CVE-2024-42385

CVE.ORG link : CVE-2024-42385


JSON object : View

Products Affected

cesanta

  • mongoose
CWE
NVD-CWE-Other CWE-140

Improper Neutralization of Delimiters