Null Pointer Dereference in Macrozheng's Mall-Tiny eCommerce Platform
CVE-2024-57435

6.5MEDIUM

Key Information:

Vendor: Macrozheng
Status: Mall-Tiny
Vendor: CVE Published:; 31 January 2025

What is CVE-2024-57435?

In version 1.0.1 of Macrozheng's Mall-Tiny, a flaw exists where an attacker can exploit the resource creation interface by sending null data. This leads to a null pointer dereference during subsequent authenticated operations, potentially causing a denial-of-service condition. The exploit can not only interrupt service availability but also trigger a failure in service restarts, making it critical for users to address this vulnerability promptly.

References

https://github.com/peccc/restful_vul/blob/main/mall_tiny_...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 9, 2025

JSON