Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-6138

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-11 Jan, 2019 | 17:00
Updated At-04 Aug, 2024 | 20:16
Rejected At-
Credits

An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:11 Jan, 2019 | 17:00
Updated At:04 Aug, 2024 | 20:16
Rejected At:
â–¼CVE Numbering Authority (CNA)

An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/mz-automation/libiec61850/issues/103
x_refsource_MISC
Hyperlink: https://github.com/mz-automation/libiec61850/issues/103
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/mz-automation/libiec61850/issues/103
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/mz-automation/libiec61850/issues/103
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:11 Jan, 2019 | 17:29
Updated At:24 Aug, 2020 | 17:37

An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

mz-automation
mz-automation
>>libiec61850>>1.3.1
cpe:2.3:a:mz-automation:libiec61850:1.3.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-401Primarynvd@nist.gov
CWE ID: CWE-401
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/mz-automation/libiec61850/issues/103cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/mz-automation/libiec61850/issues/103
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

116Records found

CVE-2019-6135
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.66% / 73.75%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 17:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c, as demonstrated by goose_publisher_example.c and iec61850_9_2_LE_example.c.

Action-Not Available
Vendor-mz-automationn/a
Product-libiec61850n/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-6719
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.46% / 70.32%
||
7 Day CHG~0.00%
Published-23 Jan, 2019 | 22:00
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and examples/server_example_61400_25/server_example_61400_25.c.

Action-Not Available
Vendor-mz-automationn/a
Product-libiec61850n/a
CWE ID-CWE-416
Use After Free
CVE-2019-6136
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 70.58%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 17:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c.

Action-Not Available
Vendor-mz-automationn/a
Product-libiec61850n/a
CVE-2019-16510
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.44% / 70.03%
||
7 Day CHG~0.00%
Published-19 Sep, 2019 | 15:39
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.

Action-Not Available
Vendor-mz-automationn/a
Product-libiec61850n/a
CWE ID-CWE-416
Use After Free
CVE-2019-1010300
Matching Score-8
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-8
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.52%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 17:15
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. The impact is: Software crash. The component is: server_example_complex_array. The attack vector is: Send a specific MMS protocol packet.

Action-Not Available
Vendor-mz-automationmz-automation
Product-libiec61850libiec61850
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-1302
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.05% / 60.27%
||
7 Day CHG+0.03%
Published-12 Apr, 2022 | 07:30
Updated-16 Sep, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malformed Goose Message in LibIEC61850 may result in a denial of service

In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.

Action-Not Available
Vendor-mz-automationMZ Automation
Product-libiec61850libIEC61850
CWE ID-CWE-20
Improper Input Validation
CVE-2018-18937
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.66% / 73.75%
||
7 Day CHG~0.00%
Published-05 Nov, 2018 | 08:00
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c.

Action-Not Available
Vendor-mz-automationn/a
Product-libiec61850n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-21159
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-1.80% / 75.79%
||
7 Day CHG+0.05%
Published-15 Apr, 2022 | 16:00
Updated-15 Apr, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.

Action-Not Available
Vendor-mz-automationMZ Automation GmbH
Product-libiec61850libiec61850
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-19093
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.66% / 73.75%
||
7 Day CHG~0.00%
Published-07 Nov, 2018 | 19:00
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program

Action-Not Available
Vendor-mz-automationn/a
Product-libiec61850n/a
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-45773
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 60.49%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:11
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.

Action-Not Available
Vendor-mz-automationn/a
Product-lib60870n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-45769
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 60.49%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:10
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.

Action-Not Available
Vendor-mz-automationn/a
Product-libiec61850n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-6137
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 70.58%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 17:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer dereference.

Action-Not Available
Vendor-mz-automationn/a
Product-lib60870n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-21778
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-1.26% / 66.07%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 18:27
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability.

Action-Not Available
Vendor-mz-automationn/a
Product-lib60870MZ Automation"
CWE ID-CWE-617
Reachable Assertion
CVE-2023-23205
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 15.14%
||
7 Day CHG~0.00%
Published-24 Feb, 2023 | 00:00
Updated-12 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c.

Action-Not Available
Vendor-mz-automationn/a
Product-lib60870n/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-26419
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-3.1||LOW
EPSS-2.78% / 84.66%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 17:17
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationFedora Project
Product-wiresharkfedorazfs_storage_appliance_kitWireshark
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-25794
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.73% / 74.88%
||
7 Day CHG~0.00%
Published-19 Sep, 2020 | 20:58
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic.

Action-Not Available
Vendor-sized-chunks_projectn/a
Product-sized-chunksn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-25672
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.23% / 86.74%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 19:38
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak vulnerability was found in Linux kernel in llcp_sock_connect

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Fedora ProjectDebian GNU/Linux
Product-h300eh500scloud_backuph410c_firmwareh300s_firmwareactive_iq_unified_managerh410sh300ssolidfire_baseboard_management_controllerh300e_firmwaredebian_linuxlinux_kernelh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh410ch700e_firmwaresolidfire_baseboard_management_controller_firmwareh700sLinux Kernel
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-25644
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.18% / 80.19%
||
7 Day CHG+0.03%
Published-06 Oct, 2020 | 00:00
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.
Product-jboss_data_gridsingle_sign-onwildfly_opensslopenshift_application_runtimesjboss_fusedata_gridoncommand_workflow_automationservice_level_managerjboss_enterprise_application_platformoncommand_insightwildfly-openssl
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-25795
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.72% / 74.69%
||
7 Day CHG~0.00%
Published-19 Sep, 2020 | 20:58
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic.

Action-Not Available
Vendor-sized-chunks_projectn/a
Product-sized-chunksn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22844
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.21% / 64.84%
||
7 Day CHG+0.03%
Published-28 Feb, 2022 | 18:48
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-28723
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.56%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 16:49
Updated-04 Aug, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.

Action-Not Available
Vendor-cloudavidn/a
Product-pparamn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22650
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 60.88%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 16:53
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events.

Action-Not Available
Vendor-attn/a
Product-alienvault_ossimn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-23876
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.36% / 68.40%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:25
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pdf2xml v2.0 was discovered to contain a memory leak in the function TextPage::testLinkedText.

Action-Not Available
Vendor-science-minern/a
Product-pdf2xmln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-20665
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.75%
||
7 Day CHG~0.00%
Published-30 Sep, 2021 | 16:40
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rudp v0.6 was discovered to contain a memory leak in the component main.c.

Action-Not Available
Vendor-rudp_projectn/a
Product-rudpn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-20451
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.34% / 67.79%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 18:48
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-16949
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-2.75% / 84.41%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:18
Updated-23 Feb, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Denial of Service Vulnerability

<p>A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.</p> <p>Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_server_2008windows_10windows_8.1365_appsoutlookwindows_7officewindows_server_2019Microsoft 365 Apps for EnterpriseMicrosoft Outlook 2010 Service Pack 2Microsoft Outlook 2013 Service Pack 1Microsoft Outlook 2016Microsoft Office 2019
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-15806
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.05% / 78.88%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 18:14
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_rtecontrol_for_iot2000control_runtime_system_toolkithmicontrol_for_empc-a\/imx6control_for_plcnextcontrol_for_beaglebonecontrol_for_raspberry_picontrol_for_pfc100remote_target_visu_toolkitsimulation_runtimecontrol_for_pfc200embedded_target_visu_toolkitcontrol_for_linuxcontrol_for_wago_touch_panels_600control_winn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-13934
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-64.12% / 99.13%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 14:59
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationNetApp, Inc.openSUSEDebian GNU/LinuxOracle Corporation
Product-ubuntu_linuxdebian_linuxcommunications_instant_messaging_servermysql_enterprise_monitorinstantis_enterprisetracksiebel_ui_frameworkoncommand_system_managertomcatagile_engineering_data_managementagile_plmfmw_platformmanaged_file_transferworkload_managerleapApache Tomcat
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-12887
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.73% / 74.88%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 18:24
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options present in the input packet. Each option number is calculated as a sum of the previous option number and a delta of the current option. The delta and the previous option number are expressed as unsigned 16-bit integers. Due to lack of overflow detection, it is possible to craft a packet that wraps the option number around and results in the same option number being processed again in a single packet. Certain options allocate memory by calling a memory allocation function. In the cases of COAP_OPTION_URI_QUERY, COAP_OPTION_URI_PATH, COAP_OPTION_LOCATION_QUERY, and COAP_OPTION_ETAG, there is no check on whether memory has already been allocated, which in conjunction with the option number integer overflow may lead to multiple assignments of allocated memory to a single pointer. This has been demonstrated to lead to memory leak by buffer orphaning. As a result, the memory is never freed.

Action-Not Available
Vendor-n/aArm Limited
Product-mbed-coapmbed_osn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-12604
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.70% / 74.46%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 14:24
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.

Action-Not Available
Vendor-envoyproxyn/a
Product-envoyn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-11637
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-5.8||MEDIUM
EPSS-1.08% / 61.00%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 15:08
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Automation Runtime TFTP Service DoS Vulnerability

A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.

Action-Not Available
Vendor-B&R Industrial Automation GmbH
Product-automation_runtimeAutomation Runtime
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-10593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.28% / 81.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2020 | 12:22
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.

Action-Not Available
Vendor-torprojectn/aopenSUSE
Product-torbackports_sleleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-6299
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.94% / 56.68%
||
7 Day CHG~0.00%
Published-26 Nov, 2023 | 23:00
Updated-02 Aug, 2024 | 08:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apryse iText Reference Table PdfDocument.java memory leak

A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.0.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246125 was assigned to this vulnerability. NOTE: The vendor was contacted early about this vulnerability. The fix was introduced in the iText 8.0.2 release on October 25th 2023, prior to the disclosure.

Action-Not Available
Vendor-itextpdfApryse
Product-itextiText
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-9004
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.51% / 71.30%
||
7 Day CHG~0.00%
Published-22 Feb, 2019 | 15:00
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. This can lead to termination of the LWM2M server after exhausting all available memory.

Action-Not Available
Vendor-n/aEclipse Foundation AISBL
Product-wakaaman/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2004-0222
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.65% / 88.24%
||
7 Day CHG~0.00%
Published-25 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-7395
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.43% / 87.50%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-7398
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.72% / 88.45%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-6132
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.50% / 71.14%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 05:00
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac.

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-6671
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.04% / 59.95%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 21:41
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-6502
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.20% / 80.34%
||
7 Day CHG~0.00%
Published-22 Jan, 2019 | 00:00
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.

Action-Not Available
Vendor-opensc_projectn/a
Product-openscn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-20888
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 62.05%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 16:46
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-20388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.39% / 90.13%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 22:53
Updated-17 Dec, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Fedora ProjectDebian GNU/LinuxOracle CorporationopenSUSENetApp, Inc.
Product-debian_linuxh300s_firmwarecloud_backupontap_select_deploy_administration_utilityh300emysql_workbenchh700e_firmwareh500s_firmwareh410splug-in_for_symantec_netbackupfedorah410s_firmwareh500sclustered_data_ontapcommunications_cloud_native_core_network_function_cloud_native_environmenth700s_firmwareenterprise_manager_base_platformenterprise_manager_ops_centerh300sreal_user_experience_insighth500elibxml2h300e_firmwaresmi-s_providersteelstore_cloud_integrated_storageh500e_firmwarepeoplesoft_enterprise_peopletoolsh700sleapsnapdriveh700en/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19956
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.51% / 91.84%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 15:12
Updated-03 Dec, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Canonical Ltd.Fedora ProjectDebian GNU/Linuxlibxml2 (XMLSoft)Siemens AG
Product-libxml2ubuntu_linuxclustered_data_ontapfedoraclustered_data_ontap_antivirus_connectordebian_linuxsteelstore_cloud_integrated_storagemanageability_software_development_kitontap_select_deploy_administration_utilitysinema_remote_connect_serveractive_iq_unified_managerreal_user_experience_insightn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2025-1816
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 39.46%
||
7 Day CHG~0.00%
Published-02 Mar, 2025 | 14:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FFmpeg IAMF File iamf_parse.c audio_element_obu memory leak

A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-n/a
Product-FFmpeg
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2019-18807
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.57% / 83.24%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 15:29
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-17178
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.58% / 83.33%
||
7 Day CHG~0.00%
Published-04 Oct, 2019 | 16:57
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

Action-Not Available
Vendor-lodevn/aopenSUSEFreeRDP
Product-freerdplodepngleapn/a
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-17177
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.69% / 84.05%
||
7 Day CHG~0.00%
Published-04 Oct, 2019 | 16:57
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

Action-Not Available
Vendor-n/aopenSUSEFreeRDP
Product-freerdpleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-33105
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.04% / 85.93%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:13
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.

Action-Not Available
Vendor-n/aRedis Inc.
Product-redisn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-14818
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.81% / 84.82%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 00:00
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.

Action-Not Available
Vendor-dpdkDPDKRed Hat, Inc.Fedora Project
Product-enterprise_linux_fast_datapathvirtualization_eusfedoradata_plane_development_kitopenstackdpdk
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-15134
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.51% / 71.40%
||
7 Day CHG~0.00%
Published-17 Aug, 2019 | 17:54
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN.

Action-Not Available
Vendor-riot-osn/a
Product-riotn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found