How severe is CVE-2024-3187?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-3187?

This is classified as CWE-415, which is a common weakness in software security.

CVE-2024-3187

MEDIUM Year: 2024

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-415

View all →

Vulnerability Description

This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent.

CVE-2017-6166

MEDIUM

CVSS:5.9(Medium)

In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmen...

CWE-4152017

CVE-2022-31117

MEDIUM

CVSS:5.9(Medium)

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause th...

CWE-4152022

CVE-2023-27537

MEDIUM

CVSS:5.9(Medium)

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads b...

CWE-4152023

CVE-2020-15710

MEDIUM

CVSS:6.1(Medium)

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/blu...

CWE-4152020

CVE-2018-0160

MEDIUM

CVSS:6.3(Medium)

A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerab...

CWE-4152018

CVE-2019-5236

MEDIUM

CVSS:6.3(Medium)

Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double fre...

CWE-4152019

CVE-2024-3187

Vulnerability Description

Related Vulnerabilities

CVE-2017-6166

CVE-2022-31117

CVE-2023-27537

CVE-2020-15710

CVE-2018-0160

CVE-2019-5236