CVE-2024-42392

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42392	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*

History

19 Nov 2024, 17:55

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~4.0~~	v2 : unknown v3 : 7.5
References	~~() https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42392 -~~	() https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42392 - Third Party Advisory
First Time		Cesanta Cesanta mongoose
CPE		cpe:2.3:a:cesanta:mongoose::::::::
CWE		NVD-CWE-Other

18 Nov 2024, 17:11

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de neutralización incorrecta de delimitadores en Cesanta Mongoose Web Server v7.14 permite desencadenar un error de bucle infinito si la cadena de entrada contiene caracteres inesperados.

18 Nov 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-18 10:15

Updated : 2024-11-19 17:55

NVD link : CVE-2024-42392

Mitre link : CVE-2024-42392

CVE.ORG link : CVE-2024-42392

JSON object : View

Products Affected

cesanta

mongoose

CWE

NVD-CWE-Other CWE-140

Improper Neutralization of Delimiters

{"id": "CVE-2024-42392", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "prodsec@nozominetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.3}]}, "published": "2024-11-18T10:15:08.753", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42392", "tags": ["Third Party Advisory"], "source": "prodsec@nozominetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "prodsec@nozominetworks.com", "description": [{"lang": "en", "value": "CWE-140"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters."}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de delimitadores en Cesanta Mongoose Web Server v7.14 permite desencadenar un error de bucle infinito si la cadena de entrada contiene caracteres inesperados."}], "lastModified": "2024-11-19T17:55:51.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F73D607F-2879-4E92-BD95-E3ADBA7EFB25", "versionEndIncluding": "7.14"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@nozominetworks.com"}