CVE-2024-42388

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*

History

19 Nov 2024, 17:51

Type Values Removed Values Added
CPE cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other
References () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42388 - () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42388 - Third Party Advisory
First Time Cesanta
Cesanta mongoose

18 Nov 2024, 17:11

Type Values Removed Values Added
Summary
  • (es) El uso de la vulnerabilidad de desplazamiento de puntero fuera de rango en Cesanta Mongoose Web Server v7.14 permite a un atacante enviar un paquete TLS inesperado y obligar a la aplicación a leer un espacio de memoria de montón no deseado.

18 Nov 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-18 10:15

Updated : 2024-11-19 17:51


NVD link : CVE-2024-42388

Mitre link : CVE-2024-42388

CVE.ORG link : CVE-2024-42388


JSON object : View

Products Affected

cesanta

  • mongoose
CWE
NVD-CWE-Other CWE-823

Use of Out-of-range Pointer Offset