Total
396 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27320 | 2 Fedoraproject, Sudo Project | 2 Fedora, Sudo | 2023-03-18 | N/A | 7.2 HIGH |
Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | |||||
CVE-2023-1449 | 2023-03-17 | N/A | N/A | ||
A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability. | |||||
CVE-2022-40515 | 1 Qualcomm | 318 Apq8009, Apq8009 Firmware, Apq8009w and 315 more | 2023-03-16 | N/A | 9.8 CRITICAL |
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms. | |||||
CVE-2023-26545 | 1 Linux | 1 Linux Kernel | 2023-03-16 | N/A | 7.8 HIGH |
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | |||||
CVE-2022-3707 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-03-14 | N/A | 5.5 MEDIUM |
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. | |||||
CVE-2023-25136 | 1 Openssh | 1 Openssh | 2023-03-09 | N/A | 6.5 MEDIUM |
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | |||||
CVE-2019-5460 | 2 Opensuse, Videolan | 3 Backports, Leap, Vlc Media Player | 2023-03-03 | 4.3 MEDIUM | 5.5 MEDIUM |
Double Free in VLC versions <= 3.0.6 leads to a crash. | |||||
CVE-2019-15212 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-03-03 | 4.9 MEDIUM | 4.6 MEDIUM |
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. | |||||
CVE-2022-42915 | 4 Apple, Fedoraproject, Haxx and 1 more | 12 Macos, Fedora, Curl and 9 more | 2023-03-01 | N/A | 9.8 CRITICAL |
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. | |||||
CVE-2019-11932 | 2 Android-gif-drawable Project, Whatsapp | 2 Android-gif-drawable, Whatsapp | 2023-03-01 | 6.8 MEDIUM | 8.8 HIGH |
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image. | |||||
CVE-2022-20803 | 1 Clamav | 1 Clamav | 2023-02-28 | N/A | 7.5 HIGH |
A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | |||||
CVE-2022-40683 | 1 Fortinet | 1 Fortiweb | 2023-02-27 | N/A | 7.8 HIGH |
A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially crafted commands | |||||
CVE-2017-2636 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-24 | 6.9 MEDIUM | 7.0 HIGH |
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | |||||
CVE-2018-7480 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. | |||||
CVE-2017-8890 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. | |||||
CVE-2022-4450 | 1 Openssl | 1 Openssl | 2023-02-24 | N/A | 7.5 HIGH |
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. | |||||
CVE-2021-37159 | 3 Debian, Linux, Oracle | 5 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 2 more | 2023-02-24 | 4.4 MEDIUM | 6.4 MEDIUM |
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. | |||||
CVE-2021-44732 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2023-02-23 | 7.5 HIGH | 9.8 CRITICAL |
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | |||||
CVE-2017-18595 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2023-02-23 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. | |||||
CVE-2022-2519 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2023-02-23 | N/A | 6.5 MEDIUM |
There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1 |