CWE-590
AllowedFree of Memory not on the Heap
Abstraction: Variant · Status: Incomplete
The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().
31 vulnerabilities reference this CWE, most recent first.
GHSA-3Q3P-5X2R-J3HQ
Vulnerability from github – Published: 2025-06-10 03:30 – Updated: 2025-06-10 03:30SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application.
{
"affected": [],
"aliases": [
"CVE-2025-42995"
],
"database_specific": {
"cwe_ids": [
"CWE-590"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T01:15:22Z",
"severity": "HIGH"
},
"details": "SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application.",
"id": "GHSA-3q3p-5x2r-j3hq",
"modified": "2025-06-10T03:30:29Z",
"published": "2025-06-10T03:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-42995"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3610006"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4873-36H9-WV49
Vulnerability from github – Published: 2021-09-20 19:54 – Updated: 2024-11-19 18:04Impact
There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime.
To trigger this bug, Wasmtime needs to be running Wasm that uses externrefs, the host creates non-null externrefs, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where
- there are no live references at this safepoint, and
- there is a safepoint with live references earlier in this frame's function.
Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as externrefs that needed to be rooted for GC. At the next GC, it would be determined that nothing was referencing these bogus externrefs (because nothing could ever reference them, because they are not really externrefs) and then Wasmtime would deallocate them and run <ExternRef as Drop>::drop on them. This results in a free of memory that is not necessarily on the heap (and shouldn't be freed at this moment even if it was), as well as potential out-of-bounds reads and writes.
Even though support for externrefs (via the reference types proposal) is enabled by default, unless you are creating non-null externrefs in your host code or explicitly triggering GCs, you cannot be affected by this bug.
We have reason to believe that the effective impact of this bug is relatively small because usage of externref is currently quite rare.
Patches
This bug has been patched and users should upgrade to Wasmtime version 0.30.0.
Additionally, we have updated our primary externref fuzz target such that it better exercises these code paths and we can have greater confidence in their correctness going forward.
Workarounds
If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing false to wasmtime::Config::wasm_reference_types
References
For more information
If you have any questions or comments about this advisory:
- Reach out to us on the Bytecode Alliance Zulip chat
- Open an issue in the
bytecodealliance/wasmtimerepository
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "wasmtime"
},
"ranges": [
{
"events": [
{
"introduced": "0.26.0"
},
{
"fixed": "0.30.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "wasmtime"
},
"ranges": [
{
"events": [
{
"introduced": "0.26.0"
},
{
"fixed": "0.30.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-39218"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-590",
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-17T20:05:58Z",
"nvd_published_at": "2021-09-17T21:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThere was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime.\n\nTo trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externrefs`, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where\n\n* there are no live references at this safepoint, and\n* there is a safepoint with live references earlier in this frame\u0027s function.\n\nUnder this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `\u003cExternRef as Drop\u003e::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn\u0027t be freed at this moment even if it was), as well as potential out-of-bounds reads and writes.\n\nEven though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug.\n\nWe have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare.\n\n### Patches\n\nThis bug has been patched and users should upgrade to Wasmtime version 0.30.0.\n\nAdditionally, we have updated [our primary `externref` fuzz target](https://github.com/bytecodealliance/wasmtime/blob/37c094faf53f1b356aab3c79d451395e4f7edb34/fuzz/fuzz_targets/table_ops.rs) such that it better exercises these code paths and we can have greater confidence in their correctness going forward.\n\n### Workarounds\n\nIf you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to [`wasmtime::Config::wasm_reference_types`](https://docs.rs/wasmtime/0.29.0/wasmtime/struct.Config.html#method.wasm_reference_types)\n\n### References\n\n* [The Wasm reference types proposal, which introduces `externref`](https://github.com/WebAssembly/reference-types/)\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Reach out to us on [the Bytecode Alliance Zulip chat](https://bytecodealliance.zulipchat.com/#narrow/stream/217126-wasmtime)\n* Open an issue in [the `bytecodealliance/wasmtime` repository](https://github.com/bytecodealliance/wasmtime/)",
"id": "GHSA-4873-36h9-wv49",
"modified": "2024-11-19T18:04:00Z",
"published": "2021-09-20T19:54:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4873-36h9-wv49"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39218"
},
{
"type": "WEB",
"url": "https://github.com/bytecodealliance/wasmtime/commit/398a73f0dd862dbe703212ebae8e34036a18c11c"
},
{
"type": "WEB",
"url": "https://crates.io/crates/wasmtime"
},
{
"type": "PACKAGE",
"url": "https://github.com/bytecodealliance/wasmtime"
},
{
"type": "WEB",
"url": "https://github.com/bytecodealliance/wasmtime-py/compare/0.29.0...0.30.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/wasmtime/PYSEC-2021-321.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAVBRYDDUIY2ZR3K3FO4BVYJKIMJ5TP7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2Z33FTXFQ6EOINVEQIP4DFBG53G5XIY"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0110.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime "
}
GHSA-5X7Q-WM95-R63C
Vulnerability from github – Published: 2026-05-28 21:32 – Updated: 2026-05-28 21:32Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion.
{
"affected": [],
"aliases": [
"CVE-2026-47328"
],
"database_specific": {
"cwe_ids": [
"CWE-590"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T19:16:40Z",
"severity": "MODERATE"
},
"details": "Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion.",
"id": "GHSA-5x7q-wm95-r63c",
"modified": "2026-05-28T21:32:02Z",
"published": "2026-05-28T21:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47328"
},
{
"type": "WEB",
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=7f3c4902c39432ce7ea0d384cb70eba282247fac"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-65VC-89H4-WVX6
Vulnerability from github – Published: 2025-06-10 00:30 – Updated: 2025-06-10 00:30A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-5899"
],
"database_specific": {
"cwe_ids": [
"CWE-590"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-09T22:15:22Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-65vc-89h4-wvx6",
"modified": "2025-06-10T00:30:30Z",
"published": "2025-06-10T00:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5899"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1YPJLiBzOwVTcc2FzdawYxBJWGujwqy7o/view?usp=sharing"
},
{
"type": "WEB",
"url": "https://savannah.gnu.org/bugs/index.php?67072"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.311671"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.311671"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.586106"
},
{
"type": "WEB",
"url": "https://www.gnu.org"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-C77X-PFG5-GXC3
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-20810"
],
"database_specific": {
"cwe_ids": [
"CWE-590"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T18:16:07Z",
"severity": "HIGH"
},
"details": "Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-c77x-pfg5-gxc3",
"modified": "2026-01-13T18:31:08Z",
"published": "2026-01-13T18:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20810"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20810"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FP4X-J6CH-W8Q5
Vulnerability from github – Published: 2025-04-15 18:31 – Updated: 2026-06-26 00:32A flaw was found in libsoup, which is vulnerable to a use-after-free memory issue not on the heap in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
{
"affected": [],
"aliases": [
"CVE-2025-32911"
],
"database_specific": {
"cwe_ids": [
"CWE-590"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-15T16:16:06Z",
"severity": "CRITICAL"
},
"details": "A flaw was found in libsoup, which is vulnerable to a use-after-free memory issue not on the heap in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.",
"id": "GHSA-fp4x-j6ch-w8q5",
"modified": "2026-06-26T00:32:01Z",
"published": "2025-04-15T18:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32911"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/433"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359355"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-32911"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:9179"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:8292"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:7436"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4624"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4609"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4568"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4560"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4538"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4508"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4440"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4439"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21657"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JXH7-Q7RM-43WW
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2023-06-12 09:30Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.
{
"affected": [],
"aliases": [
"CVE-2021-3939"
],
"database_specific": {
"cwe_ids": [
"CWE-590",
"CWE-763"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-17T04:15:00Z",
"severity": "HIGH"
},
"details": "Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.",
"id": "GHSA-jxh7-q7rm-43ww",
"modified": "2023-06-12T09:30:19Z",
"published": "2022-05-24T19:20:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3939"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149"
},
{
"type": "WEB",
"url": "https://ubuntu.com/security/notices/USN-5149-1"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/172848/Ubuntu-accountsservice-Double-Free-Memory-Corruption.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MG4Q-W2RM-GVPM
Vulnerability from github – Published: 2023-04-05 18:30 – Updated: 2024-04-04 03:22An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-22291"
],
"database_specific": {
"cwe_ids": [
"CWE-590"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-05T16:15:00Z",
"severity": "HIGH"
},
"details": "An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-mg4q-w2rm-gvpm",
"modified": "2024-04-04T03:22:28Z",
"published": "2023-04-05T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22291"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN79149117"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1687"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PHVG-GC27-GJWP
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
{
"affected": [],
"aliases": [
"CVE-2021-42377"
],
"database_specific": {
"cwe_ids": [
"CWE-590",
"CWE-763"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-15T21:15:00Z",
"severity": "CRITICAL"
},
"details": "An attacker-controlled pointer free in Busybox\u0027s hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the \u0026\u0026\u0026 string. This may be used for remote code execution under rare conditions of filtered command input.",
"id": "GHSA-phvg-gc27-gjwp",
"modified": "2022-05-24T19:20:51Z",
"published": "2022-05-24T19:20:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42377"
},
{
"type": "WEB",
"url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
},
{
"type": "WEB",
"url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211223-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q73C-HMCG-M3VX
Vulnerability from github – Published: 2025-06-10 03:30 – Updated: 2025-06-10 03:30SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degrade the performance of the server causing low impact on confidentiality, integrity and availibility of the application.
{
"affected": [],
"aliases": [
"CVE-2025-42996"
],
"database_specific": {
"cwe_ids": [
"CWE-590"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T01:15:23Z",
"severity": "MODERATE"
},
"details": "SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degrade the performance of the server causing low impact on confidentiality, integrity and availibility of the application.",
"id": "GHSA-q73c-hmcg-m3vx",
"modified": "2025-06-10T03:30:29Z",
"published": "2025-06-10T03:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-42996"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3610006"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Only free pointers that you have called malloc on previously. This is the recommended solution. Keep track of which pointers point at the beginning of valid chunks and free them only once.
Mitigation
Before freeing a pointer, the programmer should make sure that the pointer was previously allocated on the heap and that the memory belongs to the programmer. Freeing an unallocated pointer will cause undefined behavior in the program.
Mitigation MIT-4.6
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, glibc in Linux provides protection against free of invalid pointers.
Mitigation
Use a language that provides abstractions for memory allocation and deallocation.
No CAPEC attack patterns related to this CWE.