CVE-2024-42387— Use of Out-of-range Pointer Offset in Mongoose Web Server library
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-42387
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use of Out-of-range Pointer Offset in Mongoose Web Server library
Source: NVD (National Vulnerability Database)
Vulnerability Description
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用越界的指针偏移
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cesanta Mongoose Web Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cesanta Mongoose Web Server是爱尔兰Cesanta公司的一款使用C语言编写的、跨平台的嵌入式服务器和网络库。 Cesanta Mongoose Web Server v7.14版本存在安全漏洞,该漏洞源于存在超出范围的指针偏移,允许攻击者发送意外的TLS数据包,并强制应用程序读取非预期的堆内存空间。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cesanta | Mongoose Web Server | 0 ~ 7.14 | - |
II. Public POCs for CVE-2024-42387
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-42387
请登录查看更多情报信息。
Same Patch Batch · Cesanta · 2024-11-18 · 10 CVEs total
| CVE-2024-42386 | 8.2 HIGH | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42384 | 7.5 HIGH | Integer Overflow or Wraparound in Mongoose Web Server library |
| CVE-2024-42389 | 5.3 MEDIUM | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42388 | 5.3 MEDIUM | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42390 | 4.3 MEDIUM | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42391 | 4.3 MEDIUM | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42383 | 4.2 MEDIUM | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42392 | 4.0 MEDIUM | Improper Neutralization of Delimiters in Mongoose Web Server library |
| CVE-2024-42385 | 4.0 MEDIUM | Improper Neutralization of Delimiters in Mongoose Web Server library |
IV. Related Vulnerabilities
Same product: Mongoose Web Server
- CVE-2018-25193
Mongoose Web Server 6.9 Denial of Service via Socket Connect - CVE-2024-42392
Improper Neutralization of Delimiters in Mongoose Web Server - CVE-2024-42391
Use of Out-of-range Pointer Offset in Mongoose Web Server li - CVE-2024-42390
Use of Out-of-range Pointer Offset in Mongoose Web Server li - CVE-2024-42389
Use of Out-of-range Pointer Offset in Mongoose Web Server li
Same vendor: Cesanta
- CVE-2026-6986
Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_ - CVE-2026-6985
Cesanta Mongoose TCP Option net_builtin.c handle_opt infinit - CVE-2026-5246
Cesanta Mongoose P-384 Public Key mongoose.c mg_tls_verify_c - CVE-2026-5245
Cesanta Mongoose mDNS Record mongoose.c handle_mdns_record s - CVE-2026-5244
Cesanta Mongoose TLS 1.3 mongoose.c mg_tls_recv_cert heap-ba
Same weakness: CWE-823
V. Comments for CVE-2024-42387
No comments yet