CVE & Exploit Intelligence Database

CVE-2022-4743 7.5 HIGH 1 Writeup EPSS 0.00

A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.

CWE-401 Jan 12, 2023

CVE-2022-46490 5.5 MEDIUM EPSS 0.00

GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.

CWE-401 Jan 05, 2023

CVE-2022-46489 5.5 MEDIUM EPSS 0.00

GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.

CWE-401 Jan 05, 2023

CVE-2022-47941 7.5 HIGH 1 Writeup EPSS 0.00

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.

CWE-401 Dec 23, 2022

CVE-2022-23471 5.7 MEDIUM 1 Writeup EPSS 0.00

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.

CWE-401 Dec 07, 2022

CVE-2022-43272 7.5 HIGH 1 Writeup EPSS 0.00

DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.

CWE-401 Dec 02, 2022

CVE-2022-45204 5.5 MEDIUM EPSS 0.00

GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.

CWE-401 Nov 29, 2022

CVE-2021-46854 7.5 HIGH EPSS 0.01

mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.

CWE-401 Nov 23, 2022

CVE-2022-3957 4.3 MEDIUM 1 Writeup EPSS 0.00

A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.

CWE-401 Nov 11, 2022

CVE-2022-29515 6.0 MEDIUM EPSS 0.00

Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.

CWE-401 Nov 11, 2022

CVE-2021-26393 5.5 MEDIUM EPSS 0.00

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

CWE-401 Nov 09, 2022

CVE-2022-43255 5.5 MEDIUM EPSS 0.00

GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.

CWE-401 Nov 02, 2022

CVE-2022-43254 5.5 MEDIUM EPSS 0.00

GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.

CWE-401 Nov 02, 2022

CVE-2022-3812 4.3 MEDIUM EPSS 0.00

A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212678 is the identifier assigned to this vulnerability.

CWE-401 Nov 01, 2022

CVE-2022-43223 7.5 HIGH 1 Writeup EPSS 0.00

open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment.

CWE-401 Nov 01, 2022

CVE-2022-43222 7.5 HIGH 1 Writeup EPSS 0.00

open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.

CWE-401 Nov 01, 2022

CVE-2022-43221 7.5 HIGH 1 Writeup EPSS 0.00

open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.

CWE-401 Nov 01, 2022

CVE-2022-42326 5.5 MEDIUM EPSS 0.00

Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.

CWE-401 Nov 01, 2022

CVE-2022-42325 5.5 MEDIUM EPSS 0.00

Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.

CWE-401 Nov 01, 2022

CVE-2022-42323 5.5 MEDIUM EPSS 0.00

Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota.

CWE-401 Nov 01, 2022