CVE-2024-42384

Source
https://cve.org/CVERecord?id=CVE-2024-42384
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42384.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-42384
Published
2024-11-18T09:04:46.754Z
Modified
2026-07-15T01:49:00.277402316Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Integer Overflow or Wraparound in Mongoose Web Server library
Details

Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

Database specific
{
    "cwe_ids": [
        "CWE-190"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42384.json",
    "cna_assigner": "Nozomi"
}
References

Affected packages

Git / github.com/cesanta/mongoose

Affected ranges

Type
GIT
Repo
https://github.com/cesanta/mongoose
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.14"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

3.*
3.2
3.3
3.4
3.5
3.6
3.7
3.8
4.*
4.0
4.1
5.*
5.0
5.1
5.2
5.3
5.4
5.5
5.5_20140120
5.6
6.*
6.0
6.1
6.10
6.11
6.12
6.13
6.14
6.15
6.16
6.17
6.18
6.2
6.3
6.4
6.5
6.6
6.7
6.9
7.*
7.0
7.1
7.11
7.12
7.13
7.14
7.2
7.3
7.4
7.5
7.6
7.7
7.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42384.json"