CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-57435: In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference...

Description

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure.

Classification

CVE ID: CVE-2024-57435

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (scored less or equal to compared to others)

EPSS Date: 2025-03-01 (when was this score calculated)

References

https://github.com/peccc/restful_vul/blob/main/mall_tiny_dos/mall_tiny_dos.md

Timeline

2025-02-01 00:30:37 UTC
CVE

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference...