Package mongoose updated to version 7.16-alt1 for branch sisyphus_loongarch64.

Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42383

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42383

Published: 2024-11-18
Modified: 2025-01-13

CVE-2024-42384

Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://www.nozominetworks.com/blog

Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42385

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42385

Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42386

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42386

Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42387

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42387

Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42388

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42388

Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42389

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42389

Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42390

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42390

Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42391

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42391

Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42392

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42392

Version: 2.1.0

Package mongoose update in sisyphus_loongarch64 on 2025-02-20

ALT-PU-2025-3244-1

Closed vulnerabilities

CVE-2024-42383

CVE-2024-42384

CVE-2024-42385

CVE-2024-42386

CVE-2024-42387

CVE-2024-42388

CVE-2024-42389

CVE-2024-42390

CVE-2024-42391

CVE-2024-42392