CVE-2024-22088 - Use After Free vulnerability in Chendotjs Lotos Webserver 0.1.0/0.1.1

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, chendotjs, CWE-416, critical

Summary

Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.

Vulnerable Configurations

Part         Description  Count
Application  Chendotjs    2

Common Weakness Enumeration (CWE)