Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-4679

Summary
Assigner-@huntr_ai
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-15 Nov, 2024 | 10:53
Updated At-15 Nov, 2024 | 19:12
Rejected At-
Credits

Use After Free in gpac/gpac

A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntr_ai
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:15 Nov, 2024 | 10:53
Updated At:15 Nov, 2024 | 19:12
Rejected At:
▼CVE Numbering Authority (CNA)
Use After Free in gpac/gpac

A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash.

Affected Products
Vendor
GPACgpac
Product
gpac/gpac
Versions
Affected
  • From unspecified before 2.3-DEV (custom)
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.05.9MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.com/bounties/6f721ee7-8785-4c26-801e-f40fed3faaac
N/A
https://github.com/gpac/gpac/commit/b68b3f0bf5c366e003221d78fd663a1d5514a876
N/A
Hyperlink: https://huntr.com/bounties/6f721ee7-8785-4c26-801e-f40fed3faaac
Resource: N/A
Hyperlink: https://github.com/gpac/gpac/commit/b68b3f0bf5c366e003221d78fd663a1d5514a876
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
GPACgpac
Product
gpac
CPEs
  • cpe:2.3:a:gpac:gpac:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2.3-DEV (custom)
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:15 Nov, 2024 | 11:15
Updated At:19 Nov, 2024 | 15:54

A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary3.15.9MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Secondary3.05.9MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
GPAC
gpac
>>gpac>>2.3.0-dev
cpe:2.3:a:gpac:gpac:2.3.0-dev:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarysecurity@huntr.dev
CWE ID: CWE-416
Type: Primary
Source: security@huntr.dev
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/gpac/gpac/commit/b68b3f0bf5c366e003221d78fd663a1d5514a876security@huntr.dev
Patch
https://huntr.com/bounties/6f721ee7-8785-4c26-801e-f40fed3faaacsecurity@huntr.dev
Exploit
Third Party Advisory
Hyperlink: https://github.com/gpac/gpac/commit/b68b3f0bf5c366e003221d78fd663a1d5514a876
Source: security@huntr.dev
Resource:
Patch
Hyperlink: https://huntr.com/bounties/6f721ee7-8785-4c26-801e-f40fed3faaac
Source: security@huntr.dev
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found