CVE-2024-42645
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-06
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flashmq | flashmq | 1.14.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in FlashMQ version 1.14.0 allows attackers to cause an assertion failure by sending a specially crafted retain message. This leads to a Denial of Service (DoS) condition where the service becomes unavailable or crashes.
How can this vulnerability impact me?
The impact of this vulnerability is a Denial of Service (DoS), meaning an attacker can cause the FlashMQ service to crash or become unavailable by sending a crafted retain message. This disrupts normal operations and can affect any systems relying on FlashMQ for messaging.
What immediate steps should I take to mitigate this vulnerability?
Upgrade FlashMQ to a version that addresses the vulnerability. The provided resources discuss fixes for CVE-2024-42644 in FlashMQ version 1.15.1, but they do not mention a specific fix or version for CVE-2024-42645. Because the vulnerability is an assertion failure triggered by crafted retain messages and results in DoS, applying the latest available updates or patches from FlashMQ is recommended to mitigate the issue. [1]