CVE-2024-42392

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 18, 2024
Updated: Nov 19, 2024
CWE ID 140

Summary

CVE-2024-42392 is an Improper Neutralization of Delimiters vulnerability affecting Cesanta Mongoose Web Server version 7.14. This issue arises when the server fails to properly handle unexpected input characters, resulting in an infinite loop bug. Successful exploitation of this vulnerability could lead to a denial-of-service condition or potentially more severe consequences, such as unauthorized access or data leakage. Users are recommended to upgrade to a patched version of the server as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share