CWE-772
AllowedMissing Release of Resource after Effective Lifetime
Abstraction: Base · Status: Draft
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
567 vulnerabilities reference this CWE, most recent first.
GHSA-8C5X-65FV-44C8
Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2022-06-06 00:00In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd).
{
"affected": [],
"aliases": [
"CVE-2020-7455"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-13T16:15:00Z",
"severity": "MODERATE"
},
"details": "In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd).",
"id": "GHSA-8c5x-65fv-44c8",
"modified": "2022-06-06T00:00:33Z",
"published": "2022-05-24T17:17:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7455"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:13.libalias.asc"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200518-0005"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-661"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8G85-WHQH-CR2F
Vulnerability from github – Published: 2023-12-05 18:12 – Updated: 2024-11-19 16:25Impact
There is a potential vulnerability in Traefik managing the ACME HTTP challenge.
When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers (slowloris attack).
Patches
- https://github.com/traefik/traefik/releases/tag/v2.10.6
- https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5
Workarounds
Replace the HTTPChallenge with the TLSChallenge or the DNSChallenge.
For more information
If you have any questions or comments about this advisory, please open an issue.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/traefik/traefik/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.10.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/traefik/traefik/v3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.0-beta5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-47124"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-772"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-05T18:12:37Z",
"nvd_published_at": "2023-12-04T21:15:33Z",
"severity": "MODERATE"
},
"details": "## Impact\n\nThere is a potential vulnerability in Traefik managing the ACME HTTP challenge.\n\nWhen Traefik is configured to use the [HTTPChallenge](https://doc.traefik.io/traefik/https/acme/#httpchallenge) to generate and renew the Let\u0027s Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers ([slowloris attack](https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/)).\n \n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.10.6\n- https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5\n\n## Workarounds\n\nReplace the HTTPChallenge with the [TLSChallenge](https://doc.traefik.io/traefik/https/acme/#tlschallenge) or the [DNSChallenge](https://doc.traefik.io/traefik/https/acme/#dnschallenge).\n\n## For more information\n\nIf you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).",
"id": "GHSA-8g85-whqh-cr2f",
"modified": "2024-11-19T16:25:35Z",
"published": "2023-12-05T18:12:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-8g85-whqh-cr2f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47124"
},
{
"type": "WEB",
"url": "https://doc.traefik.io/traefik/https/acme/#dnschallenge"
},
{
"type": "WEB",
"url": "https://doc.traefik.io/traefik/https/acme/#httpchallenge"
},
{
"type": "WEB",
"url": "https://doc.traefik.io/traefik/https/acme/#tlschallenge"
},
{
"type": "PACKAGE",
"url": "https://github.com/traefik/traefik"
},
{
"type": "WEB",
"url": "https://github.com/traefik/traefik/releases/tag/v2.10.6"
},
{
"type": "WEB",
"url": "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5"
},
{
"type": "WEB",
"url": "https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Traefik vulnerable to potential DDoS via ACME HTTPChallenge"
}
GHSA-8GMW-3FCX-GM64
Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2024-03-21 03:33An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e.
{
"affected": [],
"aliases": [
"CVE-2020-12768"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-09T21:15:00Z",
"severity": "LOW"
},
"details": "An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e.",
"id": "GHSA-8gmw-3fcx-gm64",
"modified": "2024-03-21T03:33:55Z",
"published": "2022-05-24T17:17:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12768"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1171736#c3"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d80b64ff297e40c2b6f7d7abc1b3eba70d22a068"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4411-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4412-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4413-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4699"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8HVW-VW2F-MVVG
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2025-04-20 03:43GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.
{
"affected": [],
"aliases": [
"CVE-2017-13066"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-22T06:29:00Z",
"severity": "MODERATE"
},
"details": "GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.",
"id": "GHSA-8hvw-vw2f-mvvg",
"modified": "2025-04-20T03:43:44Z",
"published": "2022-05-13T01:42:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13066"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/430"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100463"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8J3V-W6GQ-FJ6Q
Vulnerability from github – Published: 2024-07-11 00:32 – Updated: 2025-02-07 21:31A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.
The issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and Netconf over SSH.
Once the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored. See WORKAROUND section below.
Administrators can monitor an increase in defunct sshd processes by utilizing the CLI command:
> show system processes | match sshd root 25219 30901 0 Jul16 ? 00:00:00 [sshd]
This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 21.4R3-S7-EVO * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R2-EVO.
This issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO.
{
"affected": [],
"aliases": [
"CVE-2024-39562"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-10T23:15:13Z",
"severity": "HIGH"
},
"details": "A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.\n\nThe issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and\u00a0Netconf over SSH.\n\nOnce the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored.\u00a0 See WORKAROUND section below.\n\nAdministrators can monitor an increase in defunct sshd processes by utilizing the CLI command:\n\n\u00a0 \u003e show system processes | match sshd\n\u00a0 root \u00a0 25219 30901 0 Jul16 ? \u00a0 \u00a0 \u00a0 00:00:00 [sshd] \u003cdefunct\u003e\n\nThis issue affects Juniper Networks Junos OS Evolved:\n * All versions prior to 21.4R3-S7-EVO\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO;\n * 23.2-EVO versions prior to 23.2R2-EVO.\n\n\n\nThis issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO.",
"id": "GHSA-8j3v-w6gq-fj6q",
"modified": "2025-02-07T21:31:00Z",
"published": "2024-07-11T00:32:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39562"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA75724"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-8J4F-F64V-4729
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2017-12675"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-07T21:29:00Z",
"severity": "MODERATE"
},
"details": "In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.",
"id": "GHSA-8j4f-f64v-4729",
"modified": "2022-05-13T01:42:44Z",
"published": "2022-05-13T01:42:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12675"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/616"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8J5M-6WVX-8FQM
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:11A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.
{
"affected": [],
"aliases": [
"CVE-2018-5179"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-26T14:29:00Z",
"severity": "HIGH"
},
"details": "A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.",
"id": "GHSA-8j5m-6wvx-8fqm",
"modified": "2024-04-04T00:11:28Z",
"published": "2022-05-24T16:44:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5179"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8PCM-VGVX-R5P5
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17In broadband environments, including but not limited to Enhanced Subscriber Management, (CHAP, PPP, DHCP, etc.), on Juniper Networks Junos OS devices where RADIUS servers are configured for managing subscriber access and a subscriber is logged in and then requests to logout, the subscriber may be forced into a "Terminating" state by an attacker who is able to send spoofed messages appearing to originate from trusted RADIUS server(s) destined to the device in response to the subscriber's request. These spoofed messages cause the Junos OS General Authentication Service (authd) daemon to force the broadband subscriber into this "Terminating" state which the subscriber will not recover from thereby causing a Denial of Service (DoS) to the endpoint device. Once in the "Terminating" state, the endpoint subscriber will no longer be able to access the network. Restarting the authd daemon on the Junos OS device will temporarily clear the subscribers out of the "Terminating" state. As long as the attacker continues to send these spoofed packets and subscribers request to be logged out, the subscribers will be returned to the "Terminating" state thereby creating a persistent Denial of Service to the subscriber. An indicator of compromise may be seen by displaying the output of "show subscribers summary". The presence of subscribers in the "Terminating" state may indicate the issue is occurring. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect: Juniper Networks Junos OS 12.3 version 12.3R1 and later versions; 15.1 version 15.1R1 and later versions.
{
"affected": [],
"aliases": [
"CVE-2021-31378"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-19T19:15:00Z",
"severity": "MODERATE"
},
"details": "In broadband environments, including but not limited to Enhanced Subscriber Management, (CHAP, PPP, DHCP, etc.), on Juniper Networks Junos OS devices where RADIUS servers are configured for managing subscriber access and a subscriber is logged in and then requests to logout, the subscriber may be forced into a \"Terminating\" state by an attacker who is able to send spoofed messages appearing to originate from trusted RADIUS server(s) destined to the device in response to the subscriber\u0027s request. These spoofed messages cause the Junos OS General Authentication Service (authd) daemon to force the broadband subscriber into this \"Terminating\" state which the subscriber will not recover from thereby causing a Denial of Service (DoS) to the endpoint device. Once in the \"Terminating\" state, the endpoint subscriber will no longer be able to access the network. Restarting the authd daemon on the Junos OS device will temporarily clear the subscribers out of the \"Terminating\" state. As long as the attacker continues to send these spoofed packets and subscribers request to be logged out, the subscribers will be returned to the \"Terminating\" state thereby creating a persistent Denial of Service to the subscriber. An indicator of compromise may be seen by displaying the output of \"show subscribers summary\". The presence of subscribers in the \"Terminating\" state may indicate the issue is occurring. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect: Juniper Networks Junos OS 12.3 version 12.3R1 and later versions; 15.1 version 15.1R1 and later versions.",
"id": "GHSA-8pcm-vgvx-r5p5",
"modified": "2022-05-24T19:17:54Z",
"published": "2022-05-24T19:17:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31378"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11246"
},
{
"type": "WEB",
"url": "https://www.juniper.net/documentation/us/en/software/junos/subscriber-mgmt-sessions/topics/topic-map/general-authentication-service-events-tracing.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8PV7-V3JW-C4MR
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-06-29 00:00rudp v0.6 was discovered to contain a memory leak in the component main.c.
{
"affected": [],
"aliases": [
"CVE-2020-20665"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-30T17:15:00Z",
"severity": "HIGH"
},
"details": "rudp v0.6 was discovered to contain a memory leak in the component main.c.",
"id": "GHSA-8pv7-v3jw-c4mr",
"modified": "2022-06-29T00:00:30Z",
"published": "2022-05-24T19:16:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20665"
},
{
"type": "WEB",
"url": "https://github.com/cloudwu/rudp/issues/6"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/401.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8RC5-MR4F-M243
Vulnerability from github – Published: 2021-08-25 20:46 – Updated: 2021-08-19 21:18An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.9.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35876"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-772"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:18:55Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race.",
"id": "GHSA-8rc5-mr4f-m243",
"modified": "2021-08-19T21:18:55Z",
"published": "2021-08-25T20:46:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35876"
},
{
"type": "WEB",
"url": "https://github.com/spacejam/rio/issues/11"
},
{
"type": "WEB",
"url": "https://github.com/spacejam/rio/pull/31"
},
{
"type": "PACKAGE",
"url": "https://github.com/spacejam/rio"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use after free in rio"
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Mitigation
It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free resources in a function. If you allocate resources that you intend to free upon completion of the function, you must be sure to free the resources at all exit points for that function including error conditions.
Mitigation MIT-47
Strategy: Resource Limitation
- Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.
- When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.
- Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703).
CAPEC-469: HTTP DoS
An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.