CVE-2024-42387

Summary

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

Affected Software

VendorProductVersion RangeStatus
CesantaMongoose Web Server0 <= 7.14affected

Weaknesses

  • CWE-823: CWE-823 Use of Out-of-range Pointer Offset

Workarounds

It is highly recommended to not expose the vulnerable component inside an untrusted network.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References