CVE-2024-42383
Published: 18 November 2024
Summary
CVE-2024-42383 is a medium-severity Use of Out-of-range Pointer Offset (CWE-823) vulnerability in Cesanta Mongoose. Its CVSS base score is 4.2 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 37.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-39587
Vulnerability details
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows writing a NULL byte value beyond the memory space dedicated to the hostname field.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The out-of-range pointer offset vulnerability in the public-facing Mongoose Web Server enables remote exploitation for initial access (T1190) and can cause application crashes or denial of service through memory corruption (T1499.004).
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.