CVE-2024-35492
📋 TL;DR
This vulnerability in Cesanta Mongoose allows attackers to cause a Denial of Service (DoS) by sending a specially crafted MQTT packet that triggers a NULL pointer dereference in the scpy function. Any system running vulnerable versions of Mongoose with MQTT functionality enabled is affected. The vulnerability can crash the application, disrupting services.
💻 Affected Systems
- Cesanta Mongoose Embedded Web Server
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage with potential for repeated crashes preventing service recovery.
Likely Case
Application crash requiring restart, causing temporary service disruption.
If Mitigated
Minimal impact with proper network filtering and monitoring in place.
🎯 Exploit Status
Public proof-of-concept demonstrates crash via crafted MQTT packet. Exploitation requires network access to MQTT service.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after commit b316989
Vendor Advisory: https://github.com/cesanta/mongoose/commit/b316989
Restart Required: Yes
Instructions:
1. Update Mongoose to latest version from GitHub repository. 2. Recompile application with updated library. 3. Restart affected services.
🔧 Temporary Workarounds
Disable MQTT functionality
allIf MQTT is not required, disable it in Mongoose configuration
Set MG_ENABLE_MQTT=0 in build configuration
Network filtering
linuxBlock external access to MQTT port (typically 1883)
iptables -A INPUT -p tcp --dport 1883 -j DROP
🧯 If You Can't Patch
- Implement network segmentation to isolate MQTT services
- Deploy rate limiting on MQTT connections to mitigate DoS impact
🔍 How to Verify
Check if Vulnerable:
Check Mongoose version or commit hash. If using commit b316989 or earlier with MQTT enabled, system is vulnerable.Check Version:
Check application logs or build configuration for Mongoose version informationVerify Fix Applied:
Verify Mongoose version is updated beyond commit b316989 and test MQTT functionality with normal traffic.📡 Detection & Monitoring
Log Indicators:
- Application crash logs
- Segmentation fault errors
- Unexpected process termination
Network Indicators:
- Unusual MQTT packet patterns
- Multiple connection attempts to MQTT port
SIEM Query:
source="application.logs" AND ("segmentation fault" OR "null pointer" OR "mongoose crash")