ReportizFlow
Filtered by vendor
Subscriptions
Total
571 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4389 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 7 High |
| A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. | ||||
| CVE-2023-4256 | 2 Broadcom, Fedoraproject | 3 Tcpreplay, Extra Packages For Enterprise Linux, Fedora | 2024-11-21 | 5.5 Medium |
| Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack. | ||||
| CVE-2023-49937 | 1 Schedmd | 1 Slurm | 2024-11-21 | 9.8 Critical |
| An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. | ||||
| CVE-2023-48013 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c. | ||||
| CVE-2023-45679 | 1 Nothings | 1 Stb Vorbis.c | 2024-11-21 | 7.3 High |
| stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution. | ||||
| CVE-2023-45666 | 1 Nothings | 1 Stb Image.h | 2024-11-21 | 7.3 High |
| stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed | ||||
| CVE-2023-45664 | 1 Nothings | 1 Stb Image.h | 2024-11-21 | 7.3 High |
| stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution. | ||||
| CVE-2023-44247 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.5 Medium |
| A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests. | ||||
| CVE-2023-43281 | 1 Nothings | 1 Stb Image.h | 2024-11-21 | 6.5 Medium |
| Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. | ||||
| CVE-2023-41911 | 1 Samsung | 2 Exynos 2200, Exynos 2200 Firmware | 2024-11-21 | 4.7 Medium |
| Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). | ||||
| CVE-2023-41678 | 1 Fortinet | 2 Fortios, Fortipam | 2024-11-21 | 8.3 High |
| A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request. | ||||
| CVE-2023-41374 | 1 Jtekt | 1 Kostac Plc | 2024-11-21 | 7.8 High |
| Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later. | ||||
| CVE-2023-41325 | 1 Linaro | 1 Op-tee | 2024-11-21 | 7.4 High |
| OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optee’s heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable ‘e’ is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available. | ||||
| CVE-2023-40103 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-3609 | 3 Debian, Linux, Redhat | 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more | 2024-11-21 | 7.8 High |
| A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. | ||||
| CVE-2023-3312 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.5 High |
| A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service. | ||||
| CVE-2023-39975 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2024-11-21 | 8.8 High |
| kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. | ||||
| CVE-2023-38562 | 2024-11-21 | 8.7 High | ||
| A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | ||||
| CVE-2023-38434 | 2 Linux, Xhttp Project | 2 Linux Kernel, Xhttp | 2024-11-21 | 7.5 High |
| xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method. | ||||
| CVE-2023-35371 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-11-21 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||