CVE-2024-42387 MEDIUM

CVE-2024-42387: Use of Out-of-range Pointer Offset in Mongoose Web Server library

Vendor Cesanta
Product Mongoose Web Server
Weakness CWE-823
Published November 18, 2024
Last update November 18, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

Key dates

02Disclosure timeline

November 18, 2024 CVE published
November 18, 2024 Record updated