Common Weakness Enumeration

CWE-823

Allowed

Use of Out-of-range Pointer Offset

Abstraction: Base · Status: Incomplete

The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.

177 vulnerabilities reference this CWE, most recent first.

GHSA-VCHC-7PH8-GWCP

Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-22 18:30
VLAI
Details

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64.sys, vbmatrixvaio64.sys, vbaudio_vmauxvaio.sys, vbaudio_vmvaio.sys, and vbaudio_vmvaio3*.sys). The drivers allocate non-paged pool and map it into user space, where a length value associated with the allocation is exposed and can be modified by an unprivileged local attacker. On subsequent IOCTL handling, the corrupted length is used directly as the IoAllocateMdl length argument without adequate integrity checks before building and mapping the MDL, which can cause a kernel crash (BSoD), typically PAGE_FAULT_IN_NONPAGED_AREA. This flaw allows a local user to trigger a denial-of-service on affected Windows systems.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23764"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-22T17:16:37Z",
    "severity": "MODERATE"
  },
  "details": "VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers allocate non-paged pool and map it into user space, where a length value associated with the allocation is exposed and can be modified by an unprivileged local attacker. On subsequent IOCTL handling, the corrupted length is used directly as the IoAllocateMdl length argument without adequate integrity checks before building and mapping the MDL, which can cause a kernel crash (BSoD), typically PAGE_FAULT_IN_NONPAGED_AREA. This flaw allows a local user to trigger a denial-of-service on affected Windows systems.",
  "id": "GHSA-vchc-7ph8-gwcp",
  "modified": "2026-01-22T18:30:41Z",
  "published": "2026-01-22T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23764"
    },
    {
      "type": "WEB",
      "url": "https://forum.vb-audio.com/viewtopic.php?p=7527#p7527"
    },
    {
      "type": "WEB",
      "url": "https://forum.vb-audio.com/viewtopic.php?p=7574#p7574"
    },
    {
      "type": "WEB",
      "url": "https://github.com/emkaix/security-research/tree/main/CVE-2026-23764"
    },
    {
      "type": "WEB",
      "url": "https://vb-audio.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/vb-audio-voicemeeter-and-matrix-drivers-dos-via-corrupted-ioallocatemdl-length"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VCQ5-WH47-842G

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-09-21 00:00
VLAI
Details

A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1352"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-24T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.",
  "id": "GHSA-vcq5-wh47-842g",
  "modified": "2022-09-21T00:00:42Z",
  "published": "2022-05-24T17:45:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1352"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VQM5-GF2R-4JJF

Vulnerability from github – Published: 2024-11-18 12:30 – Updated: 2024-11-18 12:30
VLAI
Details

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42388"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-18T10:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.",
  "id": "GHSA-vqm5-gf2r-4jjf",
  "modified": "2024-11-18T12:30:42Z",
  "published": "2024-11-18T12:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42388"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42388"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VVP9-7P8X-RFVV

Vulnerability from github – Published: 2026-03-16 20:48 – Updated: 2026-03-20 21:18
VLAI
Summary
lz4_flex's decompression can leak information from uninitialized memory or reused output buffer
Details

Summary

Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations when reusing an output buffer.

Details

The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from the user-supplied dict. The position of that data is defined by an offset. The data is copied within the output buffer from the offset to the current output position. However, lz4_flex did not properly detect invalid and out-of-bounds offset values properly, causing it to copy uninitialized data from the output buffer.

Only the block based API functions are affected: lz4_flex::block::{decompress_into, decompress_into_with_dict}

When safe-decode is disabled additionally these functions are affected lz4_flex::block::{decompress, decompress_with_dict, decompress_size_prepended, decompress_size_prepended_with_dict}

All frame APIs are not affected.

There are two affected use cases: - decompressing LZ4 data with the unsafe implementation (safe-decode feature flag disabled, which is enabled by default): can leak content of uninitialized memory as decompressed result - decompressing LZ4 data into a reused, user-supplied output buffer (affects the safe-decode feature as well): can leak the previous contents of the output buffer as decompressed result

Impact

Leakage of data from uninitialized memory or content from previous decompression operations, possibly revealing sensitive information and secrets.

Mitigation

lz4_flex 0.12.1 and 0.11.6 fixes this issue without requiring changes in user code.

If you cannot upgrade, you can mitigate this vulnerability by zeroing the output buffer before calling block::decompress_into or block::decompress_into_with_dict (only block based API is affected, frame API is not affected). Additionally the the safe-decode feature flag should be enabled.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "lz4_flex"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.11.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "lz4_flex"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.12.0"
            },
            {
              "fixed": "0.12.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-201",
      "CWE-823"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-16T20:48:08Z",
    "nvd_published_at": "2026-03-20T01:15:56Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nDecompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations when reusing an output buffer.\n\n### Details\nThe LZ4 block format defines a \"match copy operation\" which duplicates previously written data or data from the user-supplied dict. The position of that data is defined by an _offset_. The data is copied within the output buffer from the _offset_ to the current output position.\nHowever, lz4_flex did not properly detect invalid and out-of-bounds _offset_ values properly, causing it to copy uninitialized data from the output buffer.\n\nOnly the block based API functions are affected: \n`lz4_flex::block::{decompress_into, decompress_into_with_dict}`\n\nWhen safe-decode is disabled _additionally_ these functions are affected\n`lz4_flex::block::{decompress, decompress_with_dict, decompress_size_prepended, decompress_size_prepended_with_dict}`\n\nAll `frame` APIs are _not_ affected.\n\nThere are two affected use cases:\n- decompressing LZ4 data with the `unsafe` implementation (`safe-decode` feature flag disabled, which is enabled by default):\ncan leak content of uninitialized memory as decompressed result\n- decompressing LZ4 data into a reused, user-supplied `output` buffer (affects the `safe-decode` feature as well):\ncan leak the previous contents of the output buffer as decompressed result\n\n### Impact\nLeakage of data from uninitialized memory or content from previous decompression operations, possibly revealing sensitive information and secrets.\n\n### Mitigation\nlz4_flex 0.12.1 and 0.11.6 fixes this issue without requiring changes in user code.\n\nIf you cannot upgrade, you can mitigate this vulnerability by zeroing the output buffer before calling `block::decompress_into` or  `block::decompress_into_with_dict` (only block based API is affected, frame API is not affected). Additionally the the `safe-decode` feature flag should be enabled.",
  "id": "GHSA-vvp9-7p8x-rfvv",
  "modified": "2026-03-20T21:18:54Z",
  "published": "2026-03-16T20:48:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/PSeitz/lz4_flex/security/advisories/GHSA-vvp9-7p8x-rfvv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32829"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PSeitz/lz4_flex/commit/055502ee5d297ecd6bf448ac91c055c7f6df9b6d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/PSeitz/lz4_flex"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0041.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "lz4_flex\u0027s decompression can leak information from uninitialized memory or reused output buffer"
}

GHSA-VW9C-C8QF-HW7G

Vulnerability from github – Published: 2024-01-02 06:30 – Updated: 2024-01-02 06:30
VLAI
Details

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33110"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-02T06:15:11Z",
    "severity": "HIGH"
  },
  "details": "The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.",
  "id": "GHSA-vw9c-c8qf-hw7g",
  "modified": "2024-01-02T06:30:31Z",
  "published": "2024-01-02T06:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33110"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W9WF-G769-RJV3

Vulnerability from github – Published: 2023-09-27 18:30 – Updated: 2024-01-25 18:30
VLAI
Details

A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-27T18:15:11Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. \n\n This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition.",
  "id": "GHSA-w9wf-g769-rjv3",
  "modified": "2024-01-25T18:30:44Z",
  "published": "2023-09-27T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20187"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlre-H93FswRz"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WCP5-9F53-QPCQ

Vulnerability from github – Published: 2025-02-03 18:30 – Updated: 2025-02-03 18:30
VLAI
Details

Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49840"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-03T17:15:20Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.",
  "id": "GHSA-wcp5-9f53-qpcq",
  "modified": "2025-02-03T18:30:42Z",
  "published": "2025-02-03T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49840"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WCXF-JMJH-X27Q

Vulnerability from github – Published: 2025-10-29 18:30 – Updated: 2025-11-05 00:31
VLAI
Details

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly. This issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11232"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-29T18:15:40Z",
    "severity": "HIGH"
  },
  "details": "To trigger the issue, three configuration parameters must have specific settings: \"hostname-char-set\" must be left at the default setting, which is \"[^A-Za-z0-9.-]\"; \"hostname-char-replacement\" must be empty (the default); and \"ddns-qualifying-suffix\" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly.\nThis issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2.",
  "id": "GHSA-wcxf-jmjh-x27q",
  "modified": "2025-11-05T00:31:31Z",
  "published": "2025-10-29T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11232"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/docs/cve-2025-11232"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/10/29/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WFPC-6X9W-JF83

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48
VLAI
Details

A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-787",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-22T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Nucleus NET (All versions \u003c V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.",
  "id": "GHSA-wfpc-6x9w-jf83",
  "modified": "2022-05-24T17:48:18Z",
  "published": "2022-05-24T17:48:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27009"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WGW9-VMG5-8928

Vulnerability from github – Published: 2024-11-18 12:30 – Updated: 2024-11-18 12:30
VLAI
Details

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42390"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-18T10:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.",
  "id": "GHSA-wgw9-vmg5-8928",
  "modified": "2024-11-18T12:30:42Z",
  "published": "2024-11-18T12:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42390"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42390"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-129: Pointer Manipulation

This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.