CVE-2024-3187

This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3187

Configurations

No configuration.

History

No history.

Information

Published : 2024-10-17 08:15

Updated : 2024-10-18 12:52

NVD link : CVE-2024-3187

Mitre link : CVE-2024-3187

CVE.ORG link : CVE-2024-3187

JSON object : View

Products Affected

No product.

CWE

CWE-415

Double Free

CWE-416

Use After Free

{"id": "CVE-2024-3187", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "prodsec@nozominetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.6}]}, "published": "2024-10-17T08:15:02.760", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3187", "source": "prodsec@nozominetworks.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "prodsec@nozominetworks.com", "description": [{"lang": "en", "value": "CWE-415"}, {"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent."}, {"lang": "es", "value": "Este problema se debe a dos vulnerabilidades CWE-416 de Use After Free (UAF) y una vulnerabilidad CWE-415 de doble liberaci\u00f3n en las versiones de Goahead anteriores a la 6.0.0. Estas vulnerabilidades se deben a que los valores JST no se anulan cuando se liberan durante el an\u00e1lisis de las plantillas JST. Si la bandera ME_GOAHEAD_JAVASCRIPT est\u00e1 habilitada, un atacante remoto con privilegios para modificar archivos de plantillas de JavaScript (JST) podr\u00eda aprovechar esto proporcionando plantillas maliciosas. Esto puede provocar una corrupci\u00f3n de la memoria, lo que puede provocar una denegaci\u00f3n de servicio (DoS) o, en casos excepcionales, la ejecuci\u00f3n de c\u00f3digo, aunque esto \u00faltimo depende en gran medida del contexto."}], "lastModified": "2024-10-18T12:52:33.507", "sourceIdentifier": "prodsec@nozominetworks.com"}