CVE-2017-1000072 - Vulnerability Details - OpenCVE

ReportizFlow

Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Creolabs	Gravity

Configuration 1 [-]

cpe:2.3:a:creolabs:gravity:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/marcobambini/gravity/issues/123

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-13T20:00:00

Updated: 2024-08-05T21:53:06.201Z

Reserved: 2017-07-10T00:00:00

Link: CVE-2017-1000072

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-07-17T13:18:18.297

Modified: 2024-11-21T03:04:05.723

Link: CVE-2017-1000072

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2017-05-06T00:00:00", "datePublic": "2017-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-13T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/marcobambini/gravity/issues/123"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "DATE_ASSIGNED": "2017-05-06T20:43:28.322671", "ID": "CVE-2017-1000072", "REQUESTER": "[email protected]", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/marcobambini/gravity/issues/123", "refsource": "CONFIRM", "url": "https://github.com/marcobambini/gravity/issues/123"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:53:06.201Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/marcobambini/gravity/issues/123"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000072", "datePublished": "2017-07-13T20:00:00", "dateReserved": "2017-07-10T00:00:00", "dateUpdated": "2024-08-05T21:53:06.201Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:creolabs:gravity:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "52708A02-0E70-4A28-AA88-B34E57F419B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations"}, {"lang": "es", "value": "Creolabs Gravity versi\u00f3n 1.0, es susceptible a una problema de doble liberaci\u00f3n (Double Free) en la funci\u00f3n gravity_value lo que potencialmente conlleva a la modificaci\u00f3n de ubicaciones de memoria inesperadas."}], "id": "CVE-2017-1000072", "lastModified": "2024-11-21T03:04:05.723", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2017-07-17T13:18:18.297", "references": [{"source": "[email protected]", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/marcobambini/gravity/issues/123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/marcobambini/gravity/issues/123"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "[email protected]", "type": "Primary"}]}