2024-11-19
Platform: Cesanta Mongoose Web Server
Version: 7.14
Vulnerability: Use of Out-of-range Pointer Offset
Severity: Medium
Date: November 18, 2024 (Published), November 19, 2024 (Last Modified)
What Undercode Says:
This CVE details a vulnerability in Cesanta Mongoose Web Server version 7.14. An attacker can exploit this flaw by sending a specially crafted TLS packet, potentially allowing them to read unintended data from the server’s memory. The severity of this vulnerability is rated as medium according to the CVSS v3 scoring system.
Here’s a breakdown of the information:
Vulnerability Type: Use of Out-of-range Pointer Offset (CWE-823)
Affected Software: Cesanta Mongoose Web Server v7.14
Impact: Potential unauthorized memory access
Severity: Medium (CVSS v3 score: 5.3)
Recommendation: Upgrade to a patched version of Cesanta Mongoose Web Server if available.
It’s important to note that this information is based on publicly available data. For the latest updates and recommendations, refer to official sources from Cesanta.
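Mongoose is usually shipped as a mongoose.c / mongoose.h pair copied into the consuming project, so the first step in acting on the recommendation is finding every vendored copy. The script below is an added example, not Cesanta's or Undercode's code. It assumes the release string is carried by the MG_VERSION macro in mongoose.h; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find vendored Mongoose headers and flag the affected release.
# Assumption: mongoose.h declares its release as  #define MG_VERSION "x.y"

AFFECTED_VERSION="7.14"   # the only version the advisory names

# Print the MG_VERSION string of one header, or nothing if it has none.
mg_version_of() {
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}MG_VERSION[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Walk a source tree and print one line per mongoose.h found:
#   AFFECTED <version> <path> | ok <version> <path> | unknown - <path>
# Returns 1 if at least one affected copy was found, 0 otherwise.
scan_mongoose() {
    root=${1:-.}
    found=0
    list=$(mktemp) || return 2
    find "$root" -type f -name 'mongoose.h' > "$list"
    while IFS= read -r hdr; do
        ver=$(mg_version_of "$hdr")
        if [ -z "$ver" ]; then
            # Header without the macro: needs a manual look.
            echo "unknown - $hdr"
        elif [ "$ver" = "$AFFECTED_VERSION" ]; then
            echo "AFFECTED $ver $hdr"
            found=1
        else
            echo "ok $ver $hdr"
        fi
    done < "$list"
    rm -f "$list"
    return "$found"
}
```

Call it as `scan_mongoose /path/to/source`; the non-zero return on a hit lets a CI job fail the build. Copies reported as "ok" are simply not the version named here and should still be checked against Cesanta's own release notes.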
References:
Reported By: Nvd.nist.gov