CVE-2024-42387

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*

History

19 Nov 2024, 17:51

Type Values Removed Values Added
CWE NVD-CWE-Other
References () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42387 - () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42387 - Third Party Advisory
First Time Cesanta mongoose
Cesanta
CPE cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*

18 Nov 2024, 17:11

Type Values Removed Values Added
Summary
  • (es) El uso de la vulnerabilidad de desplazamiento de puntero fuera de rango en Cesanta Mongoose Web Server v7.14 permite a un atacante enviar un paquete TLS inesperado y obligar a la aplicación a leer un espacio de memoria de montón no deseado.

18 Nov 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-18 10:15

Updated : 2024-11-19 17:51


NVD link : CVE-2024-42387

Mitre link : CVE-2024-42387

CVE.ORG link : CVE-2024-42387


JSON object : View

Products Affected

cesanta

  • mongoose
CWE
NVD-CWE-Other CWE-823

Use of Out-of-range Pointer Offset