CVE-2024-3184

Description

Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS).

Remediation

Solution:

  • It is recommended to apply fixes introduced in version 6.0.1 of GoAhead and use the latest version available as base for building custom web servers.

Category

5.9
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.17%
Affected: EmbedThis GoAhead
Published at:
Updated at:

References

Link Tags
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3184

Frequently Asked Questions

What is the severity of CVE-2024-3184?
CVE-2024-3184 has been scored as a medium severity vulnerability.
How to fix CVE-2024-3184?
To fix CVE-2024-3184: It is recommended to apply fixes introduced in version 6.0.1 of GoAhead and use the latest version available as base for building custom web servers.
Is CVE-2024-3184 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-3184 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-3184?
CVE-2024-3184 affects EmbedThis GoAhead.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.