Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-58342

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Feb, 2026 | 00:00
Updated At-05 Feb, 2026 | 16:23
Rejected At-
Credits

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation, leading to kernel memory exhaustion.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Feb, 2026 | 00:00
Updated At:05 Feb, 2026 | 16:23
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation, leading to kernel memory exhaustion.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
N/A
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-58342/
N/A
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Resource: N/A
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-58342/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-770CWE-770 Allocation of Resources Without Limits or Throttling
Type: CWE
CWE ID: CWE-770
Description: CWE-770 Allocation of Resources Without Limits or Throttling
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Feb, 2026 | 18:16
Updated At:05 Feb, 2026 | 17:43

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation, leading to kernel memory exhaustion.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Samsung
samsung
>>exynos_980_firmware>>-
cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_980>>-
cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_850_firmware>>-
cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_850>>-
cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1080_firmware>>-
cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1080>>-
cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1280_firmware>>-
cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1280>>-
cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1330_firmware>>-
cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1330>>-
cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1380_firmware>>-
cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1380>>-
cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1480_firmware>>-
cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1480>>-
cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1580_firmware>>-
cpe:2.3:o:samsung:exynos_1580_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1580>>-
cpe:2.3:h:samsung:exynos_1580:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_w920_firmware>>-
cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_w920>>-
cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_w930_firmware>>-
cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_w930>>-
cpe:2.3:h:samsung:exynos_w930:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_w1000_firmware>>-
cpe:2.3:o:samsung:exynos_w1000_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_w1000>>-
cpe:2.3:h:samsung:exynos_w1000:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-770Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-770
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve@mitre.org
Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-58342/cve@mitre.org
Vendor Advisory
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-58342/
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

41Records found
CVE-2025-58341
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.86%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-05 Feb, 2026 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_cert_disable_ht_vht write operation, leading to kernel memory exhaustion.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1330_firmwareexynos_1380_firmwareexynos_1580_firmwareexynos_1480exynos_1480_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_1280exynos_1330exynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_850exynos_w1000_firmwareexynos_1580exynos_1080exynos_1380n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-58344
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.86%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-05 Feb, 2026 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation in a /proc/driver/unifi0/conn_log_event_burst_to_us write operation, leading to kernel memory exhaustion.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1330_firmwareexynos_1380_firmwareexynos_1580_firmwareexynos_1480exynos_1480_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_1280exynos_1330exynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_850exynos_w1000_firmwareexynos_1580exynos_1080exynos_1380n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-58340
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.86%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-05 Feb, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_delts write operation, leading to kernel memory exhaustion.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1330_firmwareexynos_1380_firmwareexynos_1580_firmwareexynos_1480exynos_1480_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_1280exynos_1330exynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_850exynos_w1000_firmwareexynos_1580exynos_1080exynos_1380n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-45184
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.10% / 26.81%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-17 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due to a heap buffer overflow can lead to a Denial of Service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_990_firmwareexynos_1480exynos_2400_firmwareexynos_2100_firmwareexynos_1280exynos_9825_firmwareexynos_1380_firmwareexynos_w920exynos_980_firmwareexynos_1080exynos_1330_firmwareexynos_9825exynos_1280_firmwareexynos_1380exynos_w920_firmwareexynos_modem_5123exynos_2400exynos_980exynos_9820_firmwareexynos_850exynos_9820exynos_9110_firmwareexynos_modem_5300_firmwareexynos_1080_firmwareexynos_2200_firmwareexynos_990exynos_2100exynos_w930_firmwareexynos_modem_5123_firmwareexynos_modem_5300exynos_w930exynos_850_firmwareexynos_1330exynos_9110exynos_1480_firmwareexynos_2200n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-34604
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.07%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:29
Updated-12 Aug, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2023-30675
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.26%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-passSamsung Pass
CWE ID-CWE-287
Improper Authentication
CVE-2024-34605
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.07%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:29
Updated-12 Aug, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34637
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.91%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 05:32
Updated-05 Sep, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-20887
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.55% / 67.44%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 06:42
Updated-14 Jan, 2026 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary directory creation in GalaxyBudsManager PC prior to version 2.1.240315.51 allows attacker to create arbitrary directory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-galaxy_buds_managerGalaxyBudsManager PC
CVE-2024-34609
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.07%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:29
Updated-12 Aug, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34608
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.07%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:29
Updated-12 Aug, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34607
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.07%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:29
Updated-12 Aug, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34606
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.07%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:29
Updated-12 Aug, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-31957
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.29% / 51.60%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 00:00
Updated-25 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial of Service) attack by unmapping an invalid length.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2200exynos_2200_firmwareexynos_2400exynos_2400_firmwaren/a
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2024-20872
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.09% / 25.34%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 04:29
Updated-07 Jan, 2026 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidTalkbackSEtalkbackse
CVE-2023-21458
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 20.16%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-52516
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.48%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 00:00
Updated-09 Jan, 2026 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1580_firmwareexynos_2400exynos_2500exynos_2500_firmwareexynos_1380exynos_1380_firmwareexynos_1580exynos_1480exynos_1480_firmwareexynos_1330_firmwareexynos_2400_firmwareexynos_1330n/a
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2023-42531
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.88%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-12 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2025-21004
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 1.53%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-20 Jan, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-galaxy_watch_ultragalaxy_watch_4_classicgalaxy_watch_7galaxy_watchwear_osgalaxy_watch_fegalaxy_watch_5galaxy_watch_4galaxy_watch_6_classicgalaxy_watch_5_progalaxy_watch_6Samsung Mobile Devices
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-20972
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.97%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 08:24
Updated-16 Jul, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-flowSamsung Flow
CVE-2024-46921
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.12%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 00:00
Updated-20 Jun, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of service (battery-drain attack).

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400exynos_modem_5300_firmwareexynos_1280_firmwareexynos_980_firmwareexynos_9820exynos_1380_firmwareexynos_2400_firmwareexynos_990exynos_modem_5300exynos_9110_firmwareexynos_2100_firmwareexynos_1280exynos_w1000_firmwareexynos_2200exynos_2200_firmwareexynos_1330exynos_2100exynos_modem_5123exynos_1480exynos_modem_5400_firmwareexynos_1380exynos_modem_5400exynos_990_firmwareexynos_modem_5123_firmwareexynos_1330_firmwareexynos_1080_firmwareexynos_1480_firmwareexynos_980exynos_9825exynos_w1000exynos_1080exynos_9820_firmwareexynos_9825_firmwareexynos_9110n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-38155
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.85%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 00:52
Updated-03 Aug, 2024 | 10:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-58347
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.69%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-09 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/p2p_certif write operation, leading to kernel memory exhaustion.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1330_firmwareexynos_1380_firmwareexynos_1580_firmwareexynos_1480exynos_1480_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_1280exynos_1330exynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_850exynos_w1000_firmwareexynos_1580exynos_1080exynos_1380n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-58348
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.69%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-09 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/confg_tspec write operation, leading to kernel memory exhaustion.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1330_firmwareexynos_1380_firmwareexynos_1580_firmwareexynos_1480exynos_1480_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_1280exynos_1330exynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_850exynos_w1000_firmwareexynos_1580exynos_1080exynos_1380n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-58343
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.69%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-09 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/create_tspec write operation, leading to kernel memory exhaustion.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1330_firmwareexynos_1380_firmwareexynos_1580_firmwareexynos_1480exynos_1480_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_1280exynos_1330exynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_850exynos_w1000_firmwareexynos_1580exynos_1080exynos_1380n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-58345
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.69%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-09 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_certif_11ax_mode write operation, leading to kernel memory exhaustion.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1330_firmwareexynos_1380_firmwareexynos_1580_firmwareexynos_1480exynos_1480_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_1280exynos_1330exynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_850exynos_w1000_firmwareexynos_1580exynos_1080exynos_1380n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-58346
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.69%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-09 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_addts write operation, leading to kernel memory exhaustion.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1330_firmwareexynos_1380_firmwareexynos_1580_firmwareexynos_1480exynos_1480_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_1280exynos_1330exynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_850exynos_w1000_firmwareexynos_1580exynos_1080exynos_1380n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-40762
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.92%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 21:35
Updated-03 Aug, 2024 | 12:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-47969
Matching Score-4
Assigner-Solidigm
ShareView Details
Matching Score-4
Assigner-Solidigm
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-07 Oct, 2024 | 21:41
Updated-09 Jan, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.

Action-Not Available
Vendor-Solidigm
Product-P5520P5316P5530DC P4510P4326P5620P4511P4610P5628P4420P5510P5500P5600D5-P4320
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-25969
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 07:24
Updated-09 Jan, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-43083
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.2||MEDIUM
EPSS-0.09% / 25.39%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 17:25
Updated-17 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-31314
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 20.25%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:09
Updated-17 Dec, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-29567
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 16:50
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with physical PCI devices passed through to them can exploit the vulnerability.

Action-Not Available
Vendor-n/aFedora ProjectXen Project
Product-xenfedoran/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-29570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 18.58%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 17:01
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectXen Project
Product-xendebian_linuxfedoran/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-25153
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 35.70%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 14:09
Updated-10 Mar, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
containerd OCI image importer memory exhaustion

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

Action-Not Available
Vendor-containerdThe Linux Foundation
Product-containerdcontainerd
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-28428
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 14.80%
||
7 Day CHG~0.00%
Published-20 Mar, 2023 | 14:51
Updated-25 Feb, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDFio vulnerable to Denial Of Service when opening a corrupt PDF file

PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1.

Action-Not Available
Vendor-pdfio_projectmichaelrsweet
Product-pdfiopdfio
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-43211
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.47%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing web content may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacoswatchosipadosvisionossafariiphone_osSafariiOS and iPadOStvOSvisionOSwatchOSiPadOSmacOS
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36123
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:28
Updated-05 Feb, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-29917
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 19.50%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 21:00
Updated-29 May, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata decode_base64: signature can do large memory allocation

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decode_base64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per thread. This vulnerability is fixed in 7.0.9.

Action-Not Available
Vendor-oisfOISF
Product-suricatasuricata
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-29916
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 19.50%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 20:03
Updated-29 May, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata datasets: ruleset declared settings can lead to resource starvation

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9.

Action-Not Available
Vendor-oisfOISF
Product-suricatasuricata
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-29957
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.49% / 64.91%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:59
Updated-13 Feb, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Deployment Services Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_10_1507windows_10_22h2windows_11_23h2windows_11_22h2windows_10_1607windows_server_2019windows_server_2022_23h2windows_server_2025windows_11_24h2windows_server_2008windows_10_1809windows_server_2022windows_10_21h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
Details not found