CVE-2024-3184

MEDIUM

GoAhead < 6.0.0 - Denial of Service via NULL Pointer Dereference

Title source: llm

Description

Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS).

References (1)

Core 1

Core References

Various Sources

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3184

Scores

CVSS v3 5.9

EPSS 0.0046

EPSS Percentile 36.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (1)

EmbedThis/GoAhead < 6.0.0

Published Oct 17, 2024

Tracked Since Feb 18, 2026