Cesanta Mongoose Web Server v7.14 DC-2024-42390

2024-11-19

Platform: Cesanta Mongoose Web Server
Version: 7.14
Vulnerability: Use of Out-of-range Pointer Offset
Severity: Medium (CVSS score: 4.3)
Date: November 18, 2024 (Published), November 19, 2024 (Last Modified)

What Undercode Says:

This vulnerability allows an attacker to send a specially crafted TLS packet to a vulnerable Mongoose web server. This packet can trick the server into reading unintended data from memory, potentially revealing sensitive information or allowing the attacker to execute code on the server.

Analytics:

This vulnerability affects Cesanta Mongoose Web Server version 7.14.
It is classified as a medium severity vulnerability with a CVSS score of 4.3.
An attacker can exploit this vulnerability by sending a specially crafted TLS packet.
A successful exploit could allow the attacker to read sensitive information or execute code on the server.
Upgrading to a non-vulnerable version of Mongoose is the recommended mitigation.
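
The weakness class named above, an offset derived from packet data and used without a range check, shown as an added C example; it is not Mongoose's code and not taken from the advisory. The page does not say which field Mongoose mishandles, so the TLS record length field is used here as an assumption, and all function names and sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HDR_LEN 5                  /* type(1) + version(2) + length(2) */
#define TLS_MAX_RECORD (16384 + 2048)  /* TLS 1.2 ciphertext limit, RFC 5246 */

/* Constructed samples: one complete record, and one whose header declares
   0x4000 payload bytes although only four were received. */
static const uint8_t sample_ok[] = {0x16, 0x03, 0x03, 0x00, 0x04, 1, 2, 3, 4};
static const uint8_t sample_short[] = {0x16, 0x03, 0x03, 0x40, 0x00, 1, 2, 3, 4};

/* Unchecked form: the wire length alone decides where the record ends, so the
   resulting offset can point far past the receive buffer. */
static size_t record_end_unchecked(const uint8_t *buf, size_t off) {
  size_t len = ((size_t) buf[off + 3] << 8) | buf[off + 4];
  return off + TLS_HDR_LEN + len;
}

/* Checked form: 0 and *end on success, -1 if the header or the declared
   payload does not fit in the bytes received. The subtractions cannot wrap. */
static int record_end_checked(const uint8_t *buf, size_t buflen, size_t off,
                              size_t *end) {
  if (off > buflen || buflen - off < TLS_HDR_LEN) return -1;
  size_t len = ((size_t) buf[off + 3] << 8) | buf[off + 4];
  if (len > TLS_MAX_RECORD) return -1;
  if (len > buflen - off - TLS_HDR_LEN) return -1;
  *end = off + TLS_HDR_LEN + len;
  return 0;
}

/* Walks a receive buffer; returns the number of complete records, or -1 as
   soon as one record would extend outside the buffer. */
static int count_records(const uint8_t *buf, size_t buflen) {
  size_t off = 0, end = 0;
  int n = 0;
  while (off < buflen) {
    if (record_end_checked(buf, buflen, off, &end) != 0) return -1;
    off = end;
    n++;
  }
  return n;
}

int main(void) {
  printf("unchecked end offset: %zu of %zu bytes\n",
         record_end_unchecked(sample_short, 0), sizeof sample_short);
  printf("checked: ok=%d short=%d\n", count_records(sample_ok, sizeof sample_ok),
         count_records(sample_short, sizeof sample_short));
  return 0;
}
```

The checked form compares the declared length against the bytes remaining rather than adding it to the offset first, which keeps the comparison itself free of overflow.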

Note: This information is for educational purposes only. Please consult with a security professional for advice on mitigating this vulnerability in your specific environment.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
