CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,278 with exploits; 4,730 exploited in wild; 1,542 CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,568 researchers
1,560 results
CVE-2024-27507 7.5 HIGH 1 Writeup EPSS 0.00
libLAS 1.8.1 - Memory Corruption
libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.
CWE-401 Feb 27, 2024
CVE-2021-46924 5.5 MEDIUM EPSS 0.00
Linux Kernel < 4.14.261 - Memory Leak
In the Linux kernel, the following vulnerability has been resolved:
NFC: st21nfca: Fix memory leak in device probe and remove
'phy->pending_skb' is alloced when device probe, but forgot to free in the error handling path and remove path, this cause memory leak as follows:
    unreferenced object 0xffff88800bc06800 (size 512):
      comm "8", pid 11775, jiffies 4295159829 (age 9.032s)
      hex dump (first 32 bytes):
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      backtrace:
        [<00000000d66c09ce>] __kmalloc_node_track_caller+0x1ed/0x450
        [<00000000c93382b3>] kmalloc_reserve+0x37/0xd0
        [<000000005fea522c>] __alloc_skb+0x124/0x380
        [<0000000019f29f9a>] st21nfca_hci_i2c_probe+0x170/0x8f2
Fix it by freeing 'pending_skb' in error and remove.
CWE-401 Feb 27, 2024
CVE-2024-25770 4.3 MEDIUM 1 Writeup EPSS 0.00
Libming - Memory Leak
libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.
CWE-401 Feb 26, 2024
CVE-2024-24750 6.5 MEDIUM 1 Writeup EPSS 0.00
Undici <6.6.1 - Memory Corruption
Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.
CWE-401 Feb 16, 2024
CVE-2024-0240 6.5 MEDIUM EPSS 0.00
Silabs Gecko Software Development Kit < 4.3.0 - Memory Leak
A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients; this causes all Bluetooth operations, such as advertising and scanning, to stop.
CWE-401 Feb 15, 2024
CVE-2022-23091 4.0 MEDIUM EPSS 0.00
Freebsd < 12.3 - Memory Leak
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.
CWE-401 Feb 15, 2024
CVE-2024-25740 5.5 MEDIUM EPSS 0.00
Linux Kernel < 6.7.4 - Memory Leak
A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
CWE-401 Feb 12, 2024
CVE-2024-25450 8.8 HIGH EPSS 0.00
imlib2 <1.9.1 - Memory Corruption
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
CWE-401 Feb 09, 2024
CVE-2023-33049 7.5 HIGH EPSS 0.00
Qualcomm 315 5G Iot Modem Firmware - Memory Leak
Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.
CWE-401 Feb 06, 2024
CVE-2024-24267 7.5 HIGH 2 Writeups EPSS 0.00
Gpac < 2.4.0 - Memory Leak
gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
CWE-401 Feb 05, 2024
CVE-2024-24265 7.5 HIGH 1 Writeup EPSS 0.00
Gpac - Memory Leak
gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.
CWE-401 Feb 05, 2024
CVE-2024-24259 7.5 HIGH 1 Writeup EPSS 0.00
Artifex Mupdf - Memory Leak
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
CWE-401 Feb 05, 2024
CVE-2024-24258 7.5 HIGH 1 Writeup EPSS 0.00
Artifex Mupdf - Memory Leak
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
CWE-401 Feb 05, 2024
CVE-2024-23820 5.3 MEDIUM 1 Writeup EPSS 0.00
Openfga < 1.4.3 - Memory Leak
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to `ListObjects` may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an `out of memory` error and terminate. Version 1.4.3 contains a patch for this issue.
CWE-770 Jan 26, 2024
CVE-2024-22563 7.5 HIGH EPSS 0.00
openvswitch <2.17.8 - Memory Corruption
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.
CWE-401 Jan 19, 2024
CVE-2023-51258 5.5 MEDIUM 1 Writeup EPSS 0.00
YASM 1.3.0 - DoS
A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.
CWE-401 Jan 18, 2024
CVE-2023-4969 6.5 MEDIUM EPSS 0.02
Khronos Opencl < 3.0.11 - Memory Leak
A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
CWE-401 Jan 16, 2024
CVE-2024-21613 6.5 MEDIUM EPSS 0.00
Juniper Junos - Memory Leak
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart.
The memory usage can be monitored using the below command.
    user@host> show task memory detail | match patroot
This issue affects:
Juniper Networks Junos OS
* All versions earlier than 21.2R3-S3;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S3;
* 22.1 versions earlier than 22.1R3;
* 22.2 versions earlier than 22.2R3.
Juniper Networks Junos OS Evolved
* All versions earlier than 21.3R3-S5-EVO;
* 21.4 versions earlier than 21.4R3-EVO;
* 22.1 versions earlier than 22.1R3-EVO;
* 22.2 versions earlier than 22.2R3-EVO.
CWE-401 Jan 12, 2024
CVE-2024-21611 7.5 HIGH EPSS 0.00
Juniper Junos - Memory Leak
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.
Thread level memory utilization for the areas where the leak occurs can be checked using the below command:
    user@host> show task memory detail | match so_in
    so_in6 28 32 344450 11022400 344760 11032320
    so_in 8 16 1841629 29466064 1841734 29467744
This issue affects:
Junos OS
* 21.4 versions earlier than 21.4R3;
* 22.1 versions earlier than 22.1R3;
* 22.2 versions earlier than 22.2R3.
Junos OS Evolved
* 21.4-EVO versions earlier than 21.4R3-EVO;
* 22.1-EVO versions earlier than 22.1R3-EVO;
* 22.2-EVO versions earlier than 22.2R3-EVO.
This issue does not affect:
Juniper Networks Junos OS versions earlier than 21.4R1.
Juniper Networks Junos OS Evolved versions earlier than 21.4R1.
CWE-401 Jan 12, 2024
CVE-2024-21599 6.5 MEDIUM EPSS 0.00
Juniper Junos - Memory Leak
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart.
To monitor for this issue, please use the following FPC vty level commands: show heap shows an increase in "LAN buffer" utilization and show clksync ptp nbr-upd-info shows non-zero "Pending PFEs" counter.
This issue affects Juniper Networks Junos OS on MX Series with MPC3E:
* All versions earlier than 20.4R3-S3;
* 21.1 versions earlier than 21.1R3-S4;
* 21.2 versions earlier than 21.2R3;
* 21.3 versions earlier than 21.3R2-S1, 21.3R3;
* 21.4 versions earlier than 21.4R2;
* 22.1 versions earlier than 22.1R2.
CWE-401 Jan 12, 2024