CVE-2024-3184

low-risk

Published 2024-10-17

Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS).

Do I need to act?

0.43% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

References (1)

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3184

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal