Main Vulnerability Database Vulnerabilities #VU111820

#VU111820 Input validation error in Mongoose - CVE-2024-42392

Published: November 19, 2024 / Updated: June 23, 2025

Vulnerability identifier: #VU111820

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-42392

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mongoose

Software vendor:
Cesanta Software Ltd.

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.

Remediation

Install update from vendor's website.

External links

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42392

#VU111820 Input validation error in Mongoose - CVE-2024-42392

Description

Remediation

External links

Please verify you're human