CVE-2024-57435

{"id": "CVE-2024-57435", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-01-31T22:15:13.103", "references": [{"url": "https://github.com/peccc/restful_vul/blob/main/mall_tiny_dos/mall_tiny_dos.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/peccc/restful_vul/blob/main/mall_tiny_dos/mall_tiny_dos.md", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure."}, {"lang": "es", "value": "En macrozheng mall-tiny 1.0.1, un atacante puede enviar datos nulos a trav\u00e9s de la interfaz de creaci\u00f3n de recursos, lo que da como resultado una desreferencia de puntero nulo en todas las operaciones posteriores que requieren autenticaci\u00f3n, lo que desencadena un ataque de denegaci\u00f3n de servicio y una falla de reinicio del servicio."}], "lastModified": "2025-04-22T15:27:10.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:macrozheng:mall-tiny:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47F662EE-DFD9-48F0-9F7C-8474EF417F1E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}