CVE-2024-57435
Published: 31 January 2025
Summary
CVE-2024-57435 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Macrozheng Mall-Tiny, with a CVSS base score of 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 44th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53589
Vulnerability details
In macrozheng mall-tiny 1.0.1, an attacker can submit null data through the resource creation interface. The stored null value is then dereferenced in every subsequent operation that requires authentication, which causes a denial of service and prevents the service from restarting successfully.
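The following is an added example, not code from mall-tiny or from this advisory. It models the failure mode in the description above in plain Java: a resource record created with a null URL is accepted, and the access-control map rebuilt for every authenticated request dereferences it. All class and method names (Resource, VulnerableRegistry, HardenedRegistry, loadRules, requiredPermission, globMatches) are hypothetical; the glob matcher stands in for a Spring-style path matcher and is not mall-tiny's own.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;

/**
 * Constructed illustration of CVE-2024-57435's failure mode. A resource
 * created with a null URL poisons the URL -> permission map consulted on
 * every authenticated request. Hypothetical names; not mall-tiny code.
 */
public class NullResourceDemo {

    static final class Resource {
        final long id;
        final String name;
        final String url;   // may arrive as null from a JSON body
        Resource(long id, String name, String url) {
            this.id = id; this.name = name; this.url = url;
        }
    }

    /** Vulnerable variant: nothing rejects a null URL at creation time. */
    static class VulnerableRegistry {
        protected final List<Resource> store = new ArrayList<>();

        void create(Resource r) {
            store.add(r);                                  // no validation at all
        }

        /** Rebuilds the URL -> required-permission map used by the auth check. */
        Map<String, String> loadRules() {
            Map<String, String> rules = new ConcurrentHashMap<>();
            for (Resource r : store) {
                rules.put(r.url, r.id + ":" + r.name);     // NPE: ConcurrentHashMap rejects null keys
            }
            return rules;
        }

        /** Runs for every request that requires authentication. */
        String requiredPermission(String path) {
            for (Map.Entry<String, String> e : loadRules().entrySet()) {
                if (globMatches(e.getKey(), path)) return e.getValue();
            }
            return null;
        }
    }

    /** Hardened variant: validate at the boundary and skip bad rows defensively. */
    static class HardenedRegistry extends VulnerableRegistry {
        @Override
        void create(Resource r) {
            if (r == null || r.url == null || r.url.trim().isEmpty()) {
                throw new IllegalArgumentException("resource url must not be null or blank");
            }
            super.create(r);
        }

        @Override
        Map<String, String> loadRules() {
            Map<String, String> rules = new ConcurrentHashMap<>();
            for (Resource r : store) {
                if (r.url == null) continue;   // tolerate rows persisted before the fix
                rules.put(r.url, r.id + ":" + r.name);
            }
            return rules;
        }
    }

    /** Minimal '**' / '*' glob matcher standing in for a Spring-style path matcher. */
    static boolean globMatches(String pattern, String path) {
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < pattern.length(); i++) {
            char c = pattern.charAt(i);
            if (c == '*') {
                if (i + 1 < pattern.length() && pattern.charAt(i + 1) == '*') { re.append(".*"); i++; }
                else re.append("[^/]*");
            } else {
                re.append(Pattern.quote(String.valueOf(c)));
            }
        }
        return path.matches(re.toString());
    }

    public static void main(String[] args) {
        Resource poisoned = new Resource(42, "poison", null);   // constructed attacker input

        VulnerableRegistry vulnerable = new VulnerableRegistry();
        vulnerable.create(poisoned);                          // accepted silently
        try {
            vulnerable.requiredPermission("/admin/list");
        } catch (NullPointerException npe) {
            System.out.println("vulnerable: every authenticated request now fails with NPE");
        }

        HardenedRegistry hardened = new HardenedRegistry();
        try {
            hardened.create(poisoned);
        } catch (IllegalArgumentException e) {
            System.out.println("hardened: rejected at creation: " + e.getMessage());
        }
        hardened.create(new Resource(1, "admin", "/admin/**"));
        System.out.println("hardened: /admin/list -> " + hardened.requiredPermission("/admin/list"));
    }
}
```

The two fixes address different halves of the description: input validation in `create` stops the null from being stored at all, while the null check in `loadRules` is what lets a service come back up after a poisoned row was already persisted, since the bad record is otherwise reloaded on every restart. In a Spring Boot project the first half would normally be expressed with Bean Validation (`@NotBlank` on the URL field plus `@Valid` on the controller parameter), which this plain-Java model does not depend on.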
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The vulnerability enables denial of service via a null pointer dereference in authentication operations, crashing the service (T1499.004: Application or System Exploitation) and preventing it from restarting successfully (T1490: Inhibit System Recovery).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet.