CVE-2024-42392 MEDIUM

CVE-2024-42392: Improper Neutralization of Delimiters in Mongoose Web Server library

Vendor Cesanta
Product Mongoose Web Server
Weakness CWE-140
Published November 18, 2024
Last update November 18, 2024

CVSS base score

4.0/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.

Key dates

02Disclosure timeline

November 18, 2024 CVE published
November 18, 2024 Record updated