Overview
- Description
- This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent.
- Source
- prodsec@nozominetworks.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 5.9
- Impact score
- 4.2
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
- Severity
- MEDIUM
Weaknesses
- prodsec@nozominetworks.com
- CWE-415
Social media
- Hype score
- Not currently trending
CVE-2024-3187 This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nu… https://t.co/VXK1YiqVrj
@CVEnew
379 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-3187 Use After Free Vulnerabilities in Goahead Can Lead to DoS There are two 'Use After Free' and one 'Double Free' vulnerabilities in Goahead versions 6.0.0 and lower. These issues happen because JST va... https://t.co/Toc22k57xP
@VulmonFeeds
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes