GoAhead Web Server Vulnerable to NULL Pointer Dereference Attacks
CVE-2024-3184

5.9 MEDIUM

Key Information:

Vendor: Embedthis

CVE Published: 17 October 2024

What is CVE-2024-3184?

Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS).

Affected Version(s)

GoAhead 0 <= 6.0.0

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.