CVE-2024-3184

Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS).

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3184

Configurations

No configuration.

History

18 Oct 2024, 12:52

Type	Values Removed	Values Added
Summary		(es) Se encontraron múltiples vulnerabilidades de desreferencia de puntero nulo CWE-476 en GoAhead Web Server hasta la versión 6.0.0 cuando se compilaba con el indicador ME_GOAHEAD_REPLACE_MALLOC. Sin un notificador de memoria para errores de asignación, los atacantes remotos pueden explotar estas vulnerabilidades enviando solicitudes maliciosas, lo que provoca un bloqueo y una denegación de servicio (DoS).

17 Oct 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-17 08:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-3184

Mitre link : CVE-2024-3184

CVE.ORG link : CVE-2024-3184

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

5.9 /10