CWE-772
Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
CVE-2024-22383 (GCVE-0-2024-22383)
Vulnerability from cvelistv5 – Published: 2024-03-05 03:12 – Updated: 2024-08-01 22:43
VLAI
Summary
Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service.
This issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)), 8.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).
Severity
6.2 (Medium)
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gallagher | Controller 7000 |
Affected:
9.00 , < vCR9.00.231204b
(custom)
Affected: 8.90 , < vCR8.90.240209b (custom) Affected: 8.80 , < vCR8.80.240209a (custom) Affected: 8.70 , < vCR8.70.240209a (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T20:52:27.008902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:48.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Controller 7000",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "vCR9.00.231204b",
"status": "affected",
"version": "9.00",
"versionType": "custom"
},
{
"lessThan": "vCR8.90.240209b",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThan": "vCR8.80.240209a",
"status": "affected",
"version": "8.80",
"versionType": "custom"
},
{
"lessThan": "vCR8.70.240209a",
"status": "affected",
"version": "8.70",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOnly sites with Controller 7000 or Controller 7000 SDC (Single Door Controller) are affected. To exploit this an attacker would need access to the HBUS cabling, ensure HBUS cables are suitably protected. \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nOnly sites with Controller 7000 or Controller 7000 SDC (Single Door Controller) are affected. To exploit this an attacker would need access to the HBUS cabling, ensure HBUS cables are suitably protected. \n\n\n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. \u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eThis issue affects: All variants of the Gallagher Controller 7000 \u003c/span\u003e9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)),\u0026nbsp;8.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\nMissing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. \n\nThis issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)),\u00a08.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T03:12:29.581Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-22383",
"datePublished": "2024-03-05T03:12:29.581Z",
"dateReserved": "2024-02-05T04:16:47.982Z",
"dateUpdated": "2024-08-01T22:43:34.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28882 (GCVE-0-2024-28882)
Vulnerability from cvelistv5 – Published: 2024-07-08 21:30 – Updated: 2024-11-01 20:38
VLAI
Summary
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
Severity
4.3 (Medium)
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T14:48:10.705315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T20:38:32.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:50.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-28882"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.10",
"status": "affected",
"version": "2.6.0",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:19:57.631Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-28882"
},
{
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2024-28882",
"datePublished": "2024-07-08T21:30:24.798Z",
"dateReserved": "2024-03-12T18:26:01.733Z",
"dateUpdated": "2024-11-01T20:38:32.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39562 (GCVE-0-2024-39562)
Vulnerability from cvelistv5 – Published: 2024-07-10 22:47 – Updated: 2024-08-02 04:26
VLAI
Title
Junos OS Evolved: A high rate of SSH connections causes a Denial of Service
Summary
A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.
The issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and Netconf over SSH.
Once the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored. See WORKAROUND section below.
Administrators can monitor an increase in defunct sshd processes by utilizing the CLI command:
> show system processes | match sshd
root 25219 30901 0 Jul16 ? 00:00:00 [sshd] <defunct>
This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 21.4R3-S7-EVO
* 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;
* 22.4-EVO versions prior to 22.4R3-EVO;
* 23.2-EVO versions prior to 23.2R2-EVO.
This issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO.
Severity
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA75724 | vendor-advisory |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 21.4R3-S7-EVO
(semver)
Affected: 22.3-EVO , < 22.3R2-S2-EVO, 22.3R3-S2-EVO (semver) Affected: 22.4-EVO , < 22.4R3-EVO (semver) Affected: 23.2-EVO , < 23.2R2-EVO (semver) Unaffected: 22.1-EVO , < 22.1* (semver) Unaffected: 22.2-EVO , < 22.2* (semver) |
Date Public
2024-07-10 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.3r2-s2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3-s2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:23.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:09:33.942117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T13:21:53.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75724"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2-EVO, 22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1*",
"status": "unaffected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2*",
"status": "unaffected",
"version": "22.2-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eThe issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and\u0026nbsp;Netconf over SSH.\u003cbr\u003e\u003cbr\u003eOnce the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored.\u0026nbsp; See WORKAROUND section below.\u003cbr\u003e\u003cbr\u003eAdministrators can monitor an increase in defunct sshd processes by utilizing the CLI command:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; \u0026gt; show system processes | match sshd\u003cbr\u003e\u0026nbsp; root \u0026nbsp; 25219 30901 0 Jul16 ? \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:00 [sshd] \u0026lt;defunct\u0026gt;\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects Juniper Networks Junos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 21.4R3-S7-EVO\u003c/li\u003e\u003cli\u003e22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions prior to 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.2-EVO versions prior to 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO.\u003cbr\u003e"
}
],
"value": "A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.\n\nThe issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and\u00a0Netconf over SSH.\n\nOnce the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored.\u00a0 See WORKAROUND section below.\n\nAdministrators can monitor an increase in defunct sshd processes by utilizing the CLI command:\n\n\u00a0 \u003e show system processes | match sshd\n\u00a0 root \u00a0 25219 30901 0 Jul16 ? \u00a0 \u00a0 \u00a0 00:00:00 [sshd] \u003cdefunct\u003e\n\nThis issue affects Juniper Networks Junos OS Evolved:\n * All versions prior to 21.4R3-S7-EVO\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO;\n * 23.2-EVO versions prior to 23.2R2-EVO.\n\n\n\nThis issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T22:47:22.616Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75724"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S7-EVO, 22.2R1-EVO, 22.3R2-S2-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S7-EVO, 22.2R1-EVO, 22.3R2-S2-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA75724",
"defect": [
"1741624"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS Evolved: A high rate of SSH connections causes a Denial of Service",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39562",
"datePublished": "2024-07-10T22:47:22.616Z",
"dateReserved": "2024-06-25T15:12:53.249Z",
"dateUpdated": "2024-08-02T04:26:15.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41888 (GCVE-0-2024-41888)
Vulnerability from cvelistv5 – Published: 2024-08-09 14:55 – Updated: 2025-03-13 19:53
VLAI
Title
Apache Answer: The link for resetting user password is not Single-Use
Summary
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked.
Users are recommended to upgrade to version 1.3.6, which fixes the issue.
Severity
No CVSS data available.
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/jbs1j2o9rqm5sc19j… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Answer |
Affected:
0 , ≤ 1.3.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-09T15:02:53.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/09/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T15:16:50.390764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T19:53:24.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Answer",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.3.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mohammad Reza Omrani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Release of Resource after Effective Lifetime vulnerability in Apache Answer.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Answer: through 1.3.5.\u003c/p\u003eThe password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.3.6, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.3.5.\n\nThe password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked.\nUsers are recommended to upgrade to version 1.3.6, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T14:55:14.493Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Answer: The link for resetting user password is not Single-Use",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-41888",
"datePublished": "2024-08-09T14:55:14.493Z",
"dateReserved": "2024-07-23T02:21:14.245Z",
"dateUpdated": "2025-03-13T19:53:24.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41890 (GCVE-0-2024-41890)
Vulnerability from cvelistv5 – Published: 2024-08-09 14:53 – Updated: 2025-03-13 18:27
VLAI
Title
Apache Answer: The link to reset the user's password will remain valid after sending a new link
Summary
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked.
Users are recommended to upgrade to version 1.3.6, which fixes the issue.
Severity
No CVSS data available.
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/j7c080xj31x8rvz1p… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Answer |
Affected:
0 , ≤ 1.3.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-09T15:02:54.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/09/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T15:35:39.103577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T18:27:24.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Answer",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.3.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mohammad Reza Omrani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Release of Resource after Effective Lifetime vulnerability in Apache Answer.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Answer: through 1.3.5.\u003c/p\u003eUser sends multiple password reset emails, each containing a valid link. Within the link\u0027s validity period, this could potentially lead to the link being misused or hijacked.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.3.6, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.3.5.\n\nUser sends multiple password reset emails, each containing a valid link. Within the link\u0027s validity period, this could potentially lead to the link being misused or hijacked.\nUsers are recommended to upgrade to version 1.3.6, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T14:53:28.544Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/j7c080xj31x8rvz1pyk2h47rdd9pwbv9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Answer: The link to reset the user\u0027s password will remain valid after sending a new link",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-41890",
"datePublished": "2024-08-09T14:53:28.544Z",
"dateReserved": "2024-07-23T02:41:50.995Z",
"dateUpdated": "2025-03-13T18:27:24.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49769 (GCVE-0-2024-49769)
Vulnerability from cvelistv5 – Published: 2024-10-29 14:18 – Updated: 2024-11-17 00:11
VLAI
Title
Waitress has a denial of service leading to high CPU usage/resource exhaustion
Summary
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition.
Severity
7.5 (High)
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/Pylons/waitress/security/advis… | x_refsource_CONFIRM |
| https://github.com/Pylons/waitress/issues/418 | x_refsource_MISC |
| https://github.com/Pylons/waitress/pull/435 | x_refsource_MISC |
| https://github.com/Pylons/waitress/commit/1ae4e89… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pylons:waitress:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "waitress",
"vendor": "pylons",
"versions": [
{
"lessThan": "3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T14:56:24.506825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T14:56:55.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-17T00:11:26.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "waitress",
"vendor": "Pylons",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won\u0027t correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772: Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T14:18:40.951Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6"
},
{
"name": "https://github.com/Pylons/waitress/issues/418",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Pylons/waitress/issues/418"
},
{
"name": "https://github.com/Pylons/waitress/pull/435",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Pylons/waitress/pull/435"
},
{
"name": "https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c"
}
],
"source": {
"advisory": "GHSA-3f84-rpwh-47g6",
"discovery": "UNKNOWN"
},
"title": "Waitress has a denial of service leading to high CPU usage/resource exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-49769",
"datePublished": "2024-10-29T14:18:40.951Z",
"dateReserved": "2024-10-18T13:43:23.457Z",
"dateUpdated": "2024-11-17T00:11:26.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52303 (GCVE-0-2024-52303)
Vulnerability from cvelistv5 – Published: 2024-11-18 20:08 – Updated: 2024-11-19 14:45
VLAI
Title
aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method
Summary
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests. Those who use any middlewares with aiohttp.web should upgrade to version 3.10.11 to receive a patch.
Severity
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/aio-libs/aiohttp/security/advi… | x_refsource_CONFIRM |
| https://github.com/aio-libs/aiohttp/commit/bc15db… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:aiohttp:aio-libs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aio-libs",
"vendor": "aiohttp",
"versions": [
{
"lessThan": "3.10.11",
"status": "affected",
"version": "3.10.6",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T14:39:25.327719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T14:45:27.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "aiohttp",
"vendor": "aio-libs",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.10.6, \u003c 3.10.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests. Those who use any middlewares with aiohttp.web should upgrade to version 3.10.11 to receive a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772: Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T20:08:15.387Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-27mf-ghqm-j3j8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-27mf-ghqm-j3j8"
},
{
"name": "https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936"
}
],
"source": {
"advisory": "GHSA-27mf-ghqm-j3j8",
"discovery": "UNKNOWN"
},
"title": "aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52303",
"datePublished": "2024-11-18T20:08:15.387Z",
"dateReserved": "2024-11-06T19:00:26.396Z",
"dateUpdated": "2024-11-19T14:45:27.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0036 (GCVE-0-2025-0036)
Vulnerability from cvelistv5 – Published: 2025-06-09 23:57 – Updated: 2025-06-30 14:48
VLAI
Summary
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
Severity
CWE
- CWE-682 - Incorrect Calculation
- CWE-772 - Missing Release of Resource after Effective Lifetime
- CWE-940 - Improper Verification of Source of a Communication Channel
- CWE-941 - Incorrectly Specified Destination in a Communication Channel
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Versal Adaptive SoC Devices |
Unaffected:
2025.1 release
(custom)
|
|
| AMD | Versal RF Series |
Unaffected:
2025.1 release
|
|
| AMD | Versal AI Edge Series |
Unaffected:
2025.1 release
|
|
| AMD | Versal Prime Series |
Unaffected:
2025.1 release
|
|
| AMD | Versal Premium Series |
Unaffected:
2025.1 release
|
|
| AMD | Versal AI Core Series |
Unaffected:
2025.1 release
|
|
| AMD | Versal HBM Series |
Unaffected:
2025.1 release
|
|
| AMD | Alveo V80 Compute Accelerator |
Unaffected:
2025.1 release
|
Date Public
2025-06-03 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0036",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T14:19:45.871057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:27:43.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Versal Adaptive SoC Devices",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "2025.1 release",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Versal RF Series",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "2025.1 release"
}
]
},
{
"defaultStatus": "affected",
"product": "Versal AI Edge Series",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "2025.1 release"
}
]
},
{
"defaultStatus": "affected",
"product": "Versal Prime Series",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "2025.1 release"
}
]
},
{
"defaultStatus": "affected",
"product": "Versal Premium Series",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "2025.1 release"
}
]
},
{
"defaultStatus": "affected",
"product": "Versal AI Core Series",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "2025.1 release"
}
]
},
{
"defaultStatus": "affected",
"product": "Versal HBM Series",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "2025.1 release"
}
]
},
{
"defaultStatus": "affected",
"product": "Alveo V80 Compute Accelerator",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "2025.1 release"
}
]
}
],
"datePublic": "2025-06-03T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.\u003cbr\u003e"
}
],
"value": "In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-940",
"description": "CWE-940 Improper Verification of Source of a Communication Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-941",
"description": "CWE-941 Incorrectly Specified Destination in a Communication Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T14:48:59.255Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8011.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-0036",
"datePublished": "2025-06-09T23:57:39.748Z",
"dateReserved": "2024-11-21T16:18:02.918Z",
"dateUpdated": "2025-06-30T14:48:59.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-14969 (GCVE-0-2025-14969)
Vulnerability from cvelistv5 – Published: 2026-01-26 19:36 – Updated: 2026-02-05 14:53
VLAI
Title
Hibernate-reactive-core: hibernate reactive: denial of service due to connection leak on http client disconnect
Summary
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections.
Severity
4.3 (Medium)
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:1965 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-14969 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2423822 | issue-trackingx_refsource_REDHAT |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat build of Quarkus 3.27.2 |
cpe:/a:redhat:quarkus:3.27::el8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 |
cpe:/a:redhat:jboss_enterprise_application_platform:8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 |
cpe:/a:redhat:jboss_enterprise_application_platform:8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack |
cpe:/a:redhat:jbosseapxp |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack |
cpe:/a:redhat:jbosseapxp |
|
| Red Hat | Red Hat OpenShift Dev Spaces |
cpe:/a:redhat:openshift_devspaces:3 |
|
| Red Hat | Red Hat OpenShift Dev Spaces |
cpe:/a:redhat:openshift_devspaces:3 |
Date Public
2025-12-19 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T21:00:00.955979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:00:10.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:quarkus:3.27::el8"
],
"defaultStatus": "unaffected",
"packageName": "hibernate-reactive-core",
"product": "Red Hat build of Quarkus 3.27.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"packageName": "hibernate-reactive-core",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"packageName": "quarkus-hibernate-reactive-panache",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "hibernate-reactive-core",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "quarkus-hibernate-reactive-panache",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "unaffected",
"packageName": "devspaces/dashboard-rhel9",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "unaffected",
"packageName": "devspaces/devspaces-operator-bundle",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
}
],
"datePublic": "2025-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T14:53:48.212Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:1965",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:1965"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-14969"
},
{
"name": "RHBZ#2423822",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423822"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-19T10:48:23.311Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-12-19T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Hibernate-reactive-core: hibernate reactive: denial of service due to connection leak on http client disconnect",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-772: Missing Release of Resource after Effective Lifetime"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-14969",
"datePublished": "2026-01-26T19:36:40.424Z",
"dateReserved": "2025-12-19T10:54:33.492Z",
"dateUpdated": "2026-02-05T14:53:48.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22891 (GCVE-0-2025-22891)
Vulnerability from cvelistv5 – Published: 2025-02-05 17:31 – Updated: 2025-02-05 18:21
VLAI
Title
BIG-IP PEM Vulnerability
Summary
When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000139778 | vendor-advisory |
Impacted products
Date Public
2025-02-05 15:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22891",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:21:03.667204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:21:12.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"PEM"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.1.2",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "16.1.5",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "HotfixBIGIP-15.1.10.6.0.11.6-ENG.iso",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "15.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2025-02-05T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"value": "When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T17:31:01.627Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000139778"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BIG-IP PEM Vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2025-22891",
"datePublished": "2025-02-05T17:31:01.627Z",
"dateReserved": "2025-01-22T00:16:50.290Z",
"dateUpdated": "2025-02-05T18:21:12.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-3
Phase: Requirements
Strategy: Language Selection
Description:
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Mitigation
Phase: Implementation
Description:
- It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free resources in a function. If you allocate resources that you intend to free upon completion of the function, you must be sure to free the resources at all exit points for that function including error conditions.
Mitigation ID: MIT-47
Phases: Operation, Architecture and Design
Strategy: Resource Limitation
Description:
- Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.
- When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.
- Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703).
CAPEC-469: HTTP DoS
An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.