Type conversion in Mongoose - CVE-2024-42384
Published: January 13, 2025 / Updated: June 23, 2025
Vulnerability identifier: #VU111819
CSH Severity: Medium
CVSS v4.0:
CVE-ID: CVE-2024-42384
CWE-ID:
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cesanta Software Ltd.
Affected software: Mongoose
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An integer overflow or wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet that causes a segmentation fault in the application.
How to mitigate CVE-2024-42384
Install the update from the vendor's website.