CVE-2024-42391
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-42391 is a newly disclosed vulnerability affecting Cesanta Mongoose Web Server version 7.14. It is an Out-of-range Pointer Offset vulnerability: an attacker who sends malicious TLS packets can force the application to read unintended memory locations from the heap, potentially leading to arbitrary code execution or memory corruption. The attacker can exploit this vulnerability to gain unauthorized access or cause denial-of-service conditions. Users running Mongoose Web Server version 7.14 should apply the available patch or upgrade to a secure version to mitigate this risk.
Affected Vendors
- Cesanta Software Limited