CVE-2024-42392

Summary

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.

Affected Software

VendorProductVersion RangeStatus
CesantaMongoose Web Server0 <= 7.14affected

Weaknesses

  • CWE-140: CWE-140 Improper Neutralization of Delimiters

Workarounds

It is highly recommended to not expose the vulnerable component inside an untrusted network.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References