CWE-404
Allowed-with-ReviewImproper Resource Shutdown or Release
Abstraction: Class · Status: Draft
The product does not release or incorrectly releases a resource before it is made available for re-use.
1219 vulnerabilities reference this CWE, most recent first.
GHSA-Q2MH-4M4X-85QC
Vulnerability from github – Published: 2025-07-25 15:30 – Updated: 2025-12-15 18:30In the Linux kernel, the following vulnerability has been resolved:
net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect
Remove redundant netif_napi_del() call from disconnect path.
A WARN may be triggered in __netif_napi_del_locked() during USB device disconnect:
WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350
This happens because netif_napi_del() is called in the disconnect path while NAPI is still enabled. However, it is not necessary to call netif_napi_del() explicitly, since unregister_netdev() will handle NAPI teardown automatically and safely. Removing the redundant call avoids triggering the warning.
Full trace: lan78xx 1-1:1.0 enu1: Failed to read register index 0x000000c4. ret = -ENODEV lan78xx 1-1:1.0 enu1: Failed to set MAC down with error -ENODEV lan78xx 1-1:1.0 enu1: Link is Down lan78xx 1-1:1.0 enu1: Failed to read register index 0x00000120. ret = -ENODEV ------------[ cut here ]------------ WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350 Modules linked in: flexcan can_dev fuse CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.0-rc2-00624-ge926949dab03 #9 PREEMPT Hardware name: SKOV IMX8MP CPU revC - bd500 (DT) Workqueue: usb_hub_wq hub_event pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __netif_napi_del_locked+0x2b4/0x350 lr : __netif_napi_del_locked+0x7c/0x350 sp : ffffffc085b673c0 x29: ffffffc085b673c0 x28: ffffff800b7f2000 x27: ffffff800b7f20d8 x26: ffffff80110bcf58 x25: ffffff80110bd978 x24: 1ffffff0022179eb x23: ffffff80110bc000 x22: ffffff800b7f5000 x21: ffffff80110bc000 x20: ffffff80110bcf38 x19: ffffff80110bcf28 x18: dfffffc000000000 x17: ffffffc081578940 x16: ffffffc08284cee0 x15: 0000000000000028 x14: 0000000000000006 x13: 0000000000040000 x12: ffffffb0022179e8 x11: 1ffffff0022179e7 x10: ffffffb0022179e7 x9 : dfffffc000000000 x8 : 0000004ffdde8619 x7 : ffffff80110bcf3f x6 : 0000000000000001 x5 : ffffff80110bcf38 x4 : ffffff80110bcf38 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 1ffffff0022179e7 x0 : 0000000000000000 Call trace: __netif_napi_del_locked+0x2b4/0x350 (P) lan78xx_disconnect+0xf4/0x360 usb_unbind_interface+0x158/0x718 device_remove+0x100/0x150 device_release_driver_internal+0x308/0x478 device_release_driver+0x1c/0x30 bus_remove_device+0x1a8/0x368 device_del+0x2e0/0x7b0 usb_disable_device+0x244/0x540 usb_disconnect+0x220/0x758 hub_event+0x105c/0x35e0 process_one_work+0x760/0x17b0 worker_thread+0x768/0xce8 kthread+0x3bc/0x690 ret_from_fork+0x10/0x20 irq event stamp: 211604 hardirqs last enabled at (211603): [] _raw_spin_unlock_irqrestore+0x84/0x98 hardirqs last disabled at (211604): [] el1_dbg+0x24/0x80 softirqs last enabled at (211296): [] handle_softirqs+0x820/0xbc8 softirqs last disabled at (210993): [] __do_softirq+0x18/0x20 ---[ end trace 0000000000000000 ]--- lan78xx 1-1:1.0 enu1: failed to kill vid 0081/0
{
"affected": [],
"aliases": [
"CVE-2025-38385"
],
"database_specific": {
"cwe_ids": [
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-25T13:15:27Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect\n\nRemove redundant netif_napi_del() call from disconnect path.\n\nA WARN may be triggered in __netif_napi_del_locked() during USB device\ndisconnect:\n\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n\nThis happens because netif_napi_del() is called in the disconnect path while\nNAPI is still enabled. However, it is not necessary to call netif_napi_del()\nexplicitly, since unregister_netdev() will handle NAPI teardown automatically\nand safely. Removing the redundant call avoids triggering the warning.\n\nFull trace:\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x000000c4. ret = -ENODEV\n lan78xx 1-1:1.0 enu1: Failed to set MAC down with error -ENODEV\n lan78xx 1-1:1.0 enu1: Link is Down\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x00000120. ret = -ENODEV\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n Modules linked in: flexcan can_dev fuse\n CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.0-rc2-00624-ge926949dab03 #9 PREEMPT\n Hardware name: SKOV IMX8MP CPU revC - bd500 (DT)\n Workqueue: usb_hub_wq hub_event\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __netif_napi_del_locked+0x2b4/0x350\n lr : __netif_napi_del_locked+0x7c/0x350\n sp : ffffffc085b673c0\n x29: ffffffc085b673c0 x28: ffffff800b7f2000 x27: ffffff800b7f20d8\n x26: ffffff80110bcf58 x25: ffffff80110bd978 x24: 1ffffff0022179eb\n x23: ffffff80110bc000 x22: ffffff800b7f5000 x21: ffffff80110bc000\n x20: ffffff80110bcf38 x19: ffffff80110bcf28 x18: dfffffc000000000\n x17: ffffffc081578940 x16: ffffffc08284cee0 x15: 0000000000000028\n x14: 0000000000000006 x13: 0000000000040000 x12: ffffffb0022179e8\n x11: 1ffffff0022179e7 x10: ffffffb0022179e7 x9 : dfffffc000000000\n x8 : 0000004ffdde8619 x7 : ffffff80110bcf3f x6 : 0000000000000001\n x5 : ffffff80110bcf38 x4 : ffffff80110bcf38 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 1ffffff0022179e7 x0 : 0000000000000000\n Call trace:\n __netif_napi_del_locked+0x2b4/0x350 (P)\n lan78xx_disconnect+0xf4/0x360\n usb_unbind_interface+0x158/0x718\n device_remove+0x100/0x150\n device_release_driver_internal+0x308/0x478\n device_release_driver+0x1c/0x30\n bus_remove_device+0x1a8/0x368\n device_del+0x2e0/0x7b0\n usb_disable_device+0x244/0x540\n usb_disconnect+0x220/0x758\n hub_event+0x105c/0x35e0\n process_one_work+0x760/0x17b0\n worker_thread+0x768/0xce8\n kthread+0x3bc/0x690\n ret_from_fork+0x10/0x20\n irq event stamp: 211604\n hardirqs last enabled at (211603): [\u003cffffffc0828cc9ec\u003e] _raw_spin_unlock_irqrestore+0x84/0x98\n hardirqs last disabled at (211604): [\u003cffffffc0828a9a84\u003e] el1_dbg+0x24/0x80\n softirqs last enabled at (211296): [\u003cffffffc080095f10\u003e] handle_softirqs+0x820/0xbc8\n softirqs last disabled at (210993): [\u003cffffffc080010288\u003e] __do_softirq+0x18/0x20\n ---[ end trace 0000000000000000 ]---\n lan78xx 1-1:1.0 enu1: failed to kill vid 0081/0",
"id": "GHSA-q2mh-4m4x-85qc",
"modified": "2025-12-15T18:30:16Z",
"published": "2025-07-25T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38385"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17a37b9a5dd945d86110838fb471e7139ba993a2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/510a6095d754df9d727f644ec5076b7929d6c9ea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6c7ffc9af7186ed79403a3ffee9a1e5199fc7450"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7135056a49035597198280820c61b8c5dbe4a1d0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/968a419c95131e420f12bbdba19e96e2f6b071c4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q3VX-5WXP-G986
Vulnerability from github – Published: 2023-10-03 18:30 – Updated: 2024-04-04 08:11For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.
{
"affected": [],
"aliases": [
"CVE-2023-5255"
],
"database_specific": {
"cwe_ids": [
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-03T18:15:10Z",
"severity": "HIGH"
},
"details": "For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. ",
"id": "GHSA-q3vx-5wxp-g986",
"modified": "2024-04-04T08:11:33Z",
"published": "2023-10-03T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5255"
},
{
"type": "WEB",
"url": "https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates"
},
{
"type": "WEB",
"url": "https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates-0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q4GR-3X5P-634J
Vulnerability from github – Published: 2026-05-10 03:33 – Updated: 2026-05-10 03:33A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-8223"
],
"database_specific": {
"cwe_ids": [
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-10T03:16:08Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-q4gr-3x5p-634j",
"modified": "2026-05-10T03:33:00Z",
"published": "2026-05-10T03:33:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8223"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/issues/4438"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/808442"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/362440"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/362440/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q4M9-3FR6-F83P
Vulnerability from github – Published: 2026-01-26 06:30 – Updated: 2026-02-23 09:31A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as d45c264c20addf0c1cc05124ede33f8ffa800e68. It is advisable to implement a patch to correct this issue.
{
"affected": [],
"aliases": [
"CVE-2026-1416"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-26T04:16:09Z",
"severity": "MODERATE"
},
"details": "A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as d45c264c20addf0c1cc05124ede33f8ffa800e68. It is advisable to implement a patch to correct this issue.",
"id": "GHSA-q4m9-3fr6-f83p",
"modified": "2026-02-23T09:31:22Z",
"published": "2026-01-26T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1416"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/3427"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/3427#issue-3802197432"
},
{
"type": "WEB",
"url": "https://github.com/enocknt/gpac/commit/d45c264c20addf0c1cc05124ede33f8ffa800e68"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.342805"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.342805"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.736542"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q4RV-GQ96-W7C5
Vulnerability from github – Published: 2025-05-08 19:28 – Updated: 2025-05-08 19:28In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.4.56"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty:jetty-server"
},
"ranges": [
{
"events": [
{
"introduced": "9.4.0"
},
{
"fixed": "9.4.57.v20241219"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-13009"
],
"database_specific": {
"cwe_ids": [
"CWE-404"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-08T19:28:34Z",
"nvd_published_at": "2025-05-08T18:15:41Z",
"severity": "HIGH"
},
"details": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.",
"id": "GHSA-q4rv-gq96-w7c5",
"modified": "2025-05-08T19:28:34Z",
"published": "2025-05-08T19:28:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"type": "PACKAGE",
"url": "https://github.com/jetty/jetty.project"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request"
}
GHSA-Q4XV-CR27-98CP
Vulnerability from github – Published: 2026-01-29 15:30 – Updated: 2026-02-23 09:31A vulnerability has been found in Open5GS up to 2.7.6. The affected element is the function sgwc_s11_handle_modify_bearer_request of the file /sgwc/s11-handler.c of the component SGWC. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Applying a patch is the recommended action to fix this issue. The issue report is flagged as already-fixed.
{
"affected": [],
"aliases": [
"CVE-2026-1587"
],
"database_specific": {
"cwe_ids": [
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-29T13:15:53Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in Open5GS up to 2.7.6. The affected element is the function sgwc_s11_handle_modify_bearer_request of the file /sgwc/s11-handler.c of the component SGWC. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Applying a patch is the recommended action to fix this issue. The issue report is flagged as already-fixed.",
"id": "GHSA-q4xv-cr27-98cp",
"modified": "2026-02-23T09:31:23Z",
"published": "2026-01-29T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1587"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/issues/4272"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/issues/4272#event-21968635948"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/issues/4272#issue-3795156752"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.343350"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.343350"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.738376"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q562-X7C7-5FC9
Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2022-10-07 18:15A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
{
"affected": [],
"aliases": [
"CVE-2020-14307"
],
"database_specific": {
"cwe_ids": [
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-24T16:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"id": "GHSA-q562-x7c7-5fc9",
"modified": "2022-10-07T18:15:55Z",
"published": "2022-05-24T17:24:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14307"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3817"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3539"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3144"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3143"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3142"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:3141"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q59J-53P8-6PMQ
Vulnerability from github – Published: 2022-10-17 12:00 – Updated: 2022-10-19 12:00A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function mptcp_addr_show of the file ip/ipmptcp.c of the component iproute2. The manipulation leads to memory leak. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-211026 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-3528"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-16T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function mptcp_addr_show of the file ip/ipmptcp.c of the component iproute2. The manipulation leads to memory leak. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-211026 is the identifier assigned to this vulnerability.",
"id": "GHSA-q59j-53p8-6pmq",
"modified": "2022-10-19T12:00:20Z",
"published": "2022-10-17T12:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3528"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=afdbb0204a5872f1f76058a0db5a529b1f0c8de7"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.211026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q5GM-QF94-C8H9
Vulnerability from github – Published: 2025-04-28 06:30 – Updated: 2025-04-28 06:30A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB. It has been classified as problematic. This affects the function InternalApfsTranslateBlock of the file Library/RP_ApfsLib/RP_ApfsIo.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The patch is named 4d35125ca689a255647e9033dd60c257d26df7cb. It is recommended to apply a patch to fix this issue.
{
"affected": [],
"aliases": [
"CVE-2025-4003"
],
"database_specific": {
"cwe_ids": [
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-28T06:15:17Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB. It has been classified as problematic. This affects the function InternalApfsTranslateBlock of the file Library/RP_ApfsLib/RP_ApfsIo.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The patch is named 4d35125ca689a255647e9033dd60c257d26df7cb. It is recommended to apply a patch to fix this issue.",
"id": "GHSA-q5gm-qf94-c8h9",
"modified": "2025-04-28T06:30:26Z",
"published": "2025-04-28T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4003"
},
{
"type": "WEB",
"url": "https://github.com/RefindPlusRepo/RefindPlus/issues/206"
},
{
"type": "WEB",
"url": "https://github.com/RefindPlusRepo/RefindPlus/issues/206#event-16595888967"
},
{
"type": "WEB",
"url": "https://github.com/RefindPlusRepo/RefindPlus/commit/4d35125ca689a255647e9033dd60c257d26df7cb"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.306339"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.306339"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.558123"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q5MR-2423-G6VW
Vulnerability from github – Published: 2022-10-17 12:00 – Updated: 2022-10-19 12:00A vulnerability has been found in Linux Kernel and classified as problematic. Affected by this vulnerability is the function fdb_get of the file bridge/fdb.c of the component iproute2. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211027.
{
"affected": [],
"aliases": [
"CVE-2022-3529"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-16T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been found in Linux Kernel and classified as problematic. Affected by this vulnerability is the function fdb_get of the file bridge/fdb.c of the component iproute2. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211027.",
"id": "GHSA-q5mr-2423-g6vw",
"modified": "2022-10-19T12:00:19Z",
"published": "2022-10-17T12:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3529"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=6db01afd60748afbba114be2773be338c5be28ff"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.211027"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Mitigation
It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free memory in a function. If you allocate memory that you intend to free upon completion of the function, you must be sure to free the memory at all exit points for that function including error conditions.
Mitigation
Memory should be allocated/freed using matching functions such as malloc/free, new/delete, and new[]/delete[].
Mitigation
When releasing a complex object or structure, ensure that you properly dispose of all of its member components, not just the object itself.
CAPEC-125: Flooding
An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
CAPEC-130: Excessive Allocation
An adversary causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request.
CAPEC-131: Resource Leak Exposure
An adversary utilizes a resource leak on the target to deplete the quantity of the resource available to service legitimate requests.
CAPEC-494: TCP Fragmentation
An adversary may execute a TCP Fragmentation attack against a target with the intention of avoiding filtering rules of network controls, by attempting to fragment the TCP packet such that the headers flag field is pushed into the second fragment which typically is not filtered.
CAPEC-495: UDP Fragmentation
An attacker may execute a UDP Fragmentation attack against a target server in an attempt to consume resources such as bandwidth and CPU. IP fragmentation occurs when an IP datagram is larger than the MTU of the route the datagram has to traverse. Typically the attacker will use large UDP packets over 1500 bytes of data which forces fragmentation as ethernet MTU is 1500 bytes. This attack is a variation on a typical UDP flood but it enables more network bandwidth to be consumed with fewer packets. Additionally it has the potential to consume server CPU resources and fill memory buffers associated with the processing and reassembling of fragmented packets.
CAPEC-496: ICMP Fragmentation
An attacker may execute a ICMP Fragmentation attack against a target with the intention of consuming resources or causing a crash. The attacker crafts a large number of identical fragmented IP packets containing a portion of a fragmented ICMP message. The attacker these sends these messages to a target host which causes the host to become non-responsive. Another vector may be sending a fragmented ICMP message to a target host with incorrect sizes in the header which causes the host to hang.
CAPEC-666: BlueSmacking
An adversary uses Bluetooth flooding to transfer large packets to Bluetooth enabled devices over the L2CAP protocol with the goal of creating a DoS. This attack must be carried out within close proximity to a Bluetooth enabled device.