CVE-2024-42392

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.3 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42392	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-18 10:15

Updated : 2024-11-19 17:55

NVD link : CVE-2024-42392

Mitre link : CVE-2024-42392

CVE.ORG link : CVE-2024-42392

JSON object : View

Products Affected

cesanta

mongoose

CWE

CWE-140

Improper Neutralization of Delimiters

NVD-CWE-Other

{"id": "CVE-2024-42392", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "prodsec@nozominetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-18T10:15:08.753", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42392", "tags": ["Third Party Advisory"], "source": "prodsec@nozominetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "prodsec@nozominetworks.com", "description": [{"lang": "en", "value": "CWE-140"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters."}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de delimitadores en Cesanta Mongoose Web Server v7.14 permite desencadenar un error de bucle infinito si la cadena de entrada contiene caracteres inesperados."}], "lastModified": "2024-11-19T17:55:51.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F73D607F-2879-4E92-BD95-E3ADBA7EFB25", "versionEndIncluding": "7.14"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@nozominetworks.com"}