CWE-772
AllowedMissing Release of Resource after Effective Lifetime
Abstraction: Base · Status: Draft
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
567 vulnerabilities reference this CWE, most recent first.
GHSA-VF5R-HX7H-7RVC
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-07-03 18:42In the Linux kernel, the following vulnerability has been resolved:
ubifs: Set page uptodate in the correct place
Page cache reads are lockless, so setting the freshly allocated page uptodate before we've overwritten it with the data it's supposed to have in it will allow a simultaneous reader to see old data. Move the call to SetPageUptodate into ubifs_write_end(), which is after we copied the new data into the page.
{
"affected": [],
"aliases": [
"CVE-2024-35821"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T14:15:17Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Set page uptodate in the correct place\n\nPage cache reads are lockless, so setting the freshly allocated page\nuptodate before we\u0027ve overwritten it with the data it\u0027s supposed to have\nin it will allow a simultaneous reader to see old data. Move the call\nto SetPageUptodate into ubifs_write_end(), which is after we copied the\nnew data into the page.",
"id": "GHSA-vf5r-hx7h-7rvc",
"modified": "2024-07-03T18:42:25Z",
"published": "2024-05-17T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35821"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/142d87c958d9454c3cffa625fab56f3016e8f9f3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17772bbe9cfa972ea1ff827319f6e1340de76566"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4aa554832b9dc9e66249df75b8f447d87853e12e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/723012cab779eee8228376754e22c6594229bf8f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/778c6ad40256f1c03244fc06d7cdf71f6b5e7310"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8f599ab6fabbca4c741107eade70722a98adfd9f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f19b1023a3758f40791ec166038d6411c8894ae3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fc99f4e2d2f1ce766c14e98463c2839194ae964f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VGWF-H737-FF37
Vulnerability from github – Published: 2026-06-25 22:18 – Updated: 2026-07-10 12:31A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "golang.org/x/crypto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.52.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-39830"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-772"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-25T22:18:17Z",
"nvd_published_at": "2026-05-22T04:16:22Z",
"severity": "CRITICAL"
},
"details": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"id": "GHSA-vgwf-h737-ff37",
"modified": "2026-07-10T12:31:34Z",
"published": "2026-06-25T22:18:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39830.json"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-5017"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"type": "WEB",
"url": "https://go.dev/issue/79564"
},
{
"type": "WEB",
"url": "https://go.dev/cl/781664"
},
{
"type": "WEB",
"url": "https://go.dev/cl/781640"
},
{
"type": "PACKAGE",
"url": "https://cs.opensource.google/go/x/crypto"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480684"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37387"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37296"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37286"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37278"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37275"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37271"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37268"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37072"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36796"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36651"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36648"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36625"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36319"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36207"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36199"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:35833"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "golang.org/x/crypto: Invoking client can cause server deadlock on unexpected responses"
}
GHSA-VH64-54PX-QGF8
Vulnerability from github – Published: 2025-03-03 16:21 – Updated: 2025-03-11 17:17Goroutine Leak in Abacus SSE Implementation
Summary
A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and terminate associated goroutines. This leads to resource exhaustion where the server continues running but eventually stops accepting new SSE connections while maintaining high memory usage. The vulnerability specifically involves improper channel cleanup in the event handling mechanism, causing goroutines to remain blocked indefinitely.
POC
Impact
This vulnerability affects all versions of Abacus prior to v1.4.0. The issue causes:
- Permanent unresponsiveness of the
/streamendpoint after prolonged use - Memory growth that stabilizes at a high level but prevents proper functionality
- Selective denial of service affecting only SSE connections while other endpoints remain functional
- Accumulated orphaned goroutines that cannot be garbage collected
- High resource consumption under sustained client connection/disconnection patterns
Systems running Abacus in production with client applications that frequently establish and terminate SSE connections are most vulnerable. The issue becomes particularly apparent in high-traffic environments or during connection stress testing.
Patches
The vulnerability has been patched in Abacus v1.4.0. The fix includes:
- Implementing buffered channels to prevent blocking operations during cleanup
- Adding proper mutex-protected cleanup logic to ensure resources are released exactly once
- Implementing timeout protection for channel operations to prevent deadlocks
- Ensuring consistent cleanup when connections terminate unexpectedly
- Adding improved monitoring for client disconnections using request context
- Restructuring the event broadcasting system to safely handle client removal
Users should upgrade to v1.4.0 or later versions as soon as possible.
Workarounds
If upgrading is not immediately possible, the following workarounds can help mitigate the issue:
-
Limit maximum connections: Configure your reverse proxy to limit the maximum number of concurrent connections to the
/streamendpoints. -
Implement request timeouts: Configure your infrastructure to terminate long-lived SSE connections after a reasonable period.
-
Restart regularly: Schedule regular restarts of the Abacus service to reclaim resources.
-
Monitor memory usage: Set up alerts for abnormal memory growth patterns.
-
Separate instance for SSE: Run a dedicated Abacus instance solely for handling SSE connections, allowing it to be restarted without affecting the main API functionality.
References
- Go Concurrency Patterns: Context
- CWE-772: Missing Release of Resource after Effective Lifetime
- OWASP Top 10: Resource Exhaustion
- Resource Management in Go
For More Information
Please contact the Abacus security team at abacus@jsn.cam for additional information or to report further security issues.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/jasonlovesdoggo/abacus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20250302043802-898ff1204e11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-27421"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-772"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-03T16:21:46Z",
"nvd_published_at": "2025-03-03T17:15:15Z",
"severity": "HIGH"
},
"details": "## Goroutine Leak in Abacus SSE Implementation\n\n### Summary\n\nA critical goroutine leak vulnerability has been identified in the Abacus server\u0027s Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the `/stream` endpoint, as the server fails to properly clean up resources and terminate associated goroutines. This leads to resource exhaustion where the server continues running but eventually stops accepting new SSE connections while maintaining high memory usage. The vulnerability specifically involves improper channel cleanup in the event handling mechanism, causing goroutines to remain blocked indefinitely.\n\n### [POC](https://github.com/JasonLovesDoggo/abacus/blob/main/docs/bugs/GHSA-vh64-54px-qgf8/test.py)\n\n### Impact\n\nThis vulnerability affects all versions of Abacus prior to v1.4.0. The issue causes:\n\n- Permanent unresponsiveness of the `/stream` endpoint after prolonged use\n- Memory growth that stabilizes at a high level but prevents proper functionality\n- Selective denial of service affecting only SSE connections while other endpoints remain functional\n- Accumulated orphaned goroutines that cannot be garbage collected\n- High resource consumption under sustained client connection/disconnection patterns\n\nSystems running Abacus in production with client applications that frequently establish and terminate SSE connections are most vulnerable. The issue becomes particularly apparent in high-traffic environments or during connection stress testing.\n\n### Patches\n\nThe vulnerability has been patched in Abacus v1.4.0. The fix includes:\n\n1. Implementing buffered channels to prevent blocking operations during cleanup\n2. Adding proper mutex-protected cleanup logic to ensure resources are released exactly once\n3. Implementing timeout protection for channel operations to prevent deadlocks\n4. Ensuring consistent cleanup when connections terminate unexpectedly\n5. Adding improved monitoring for client disconnections using request context\n6. Restructuring the event broadcasting system to safely handle client removal\n\nUsers should upgrade to v1.4.0 or later versions as soon as possible.\n\n### Workarounds\n\nIf upgrading is not immediately possible, the following workarounds can help mitigate the issue:\n\n1. **Limit maximum connections**: Configure your reverse proxy to limit the maximum number of concurrent connections to the `/stream` endpoints.\n\n2. **Implement request timeouts**: Configure your infrastructure to terminate long-lived SSE connections after a reasonable period.\n\n3. **Restart regularly**: Schedule regular restarts of the Abacus service to reclaim resources.\n\n4. **Monitor memory usage**: Set up alerts for abnormal memory growth patterns.\n\n5. **Separate instance for SSE**: Run a dedicated Abacus instance solely for handling SSE connections, allowing it to be restarted without affecting the main API functionality.\n\n### References\n\n- [Go Concurrency Patterns: Context](https://blog.golang.org/context)\n- [CWE-772: Missing Release of Resource after Effective Lifetime](https://cwe.mitre.org/data/definitions/772.html)\n- [OWASP Top 10: Resource Exhaustion](https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control)\n- [Resource Management in Go](https://go.dev/blog/defer-panic-and-recover)\n\n### For More Information\n\nPlease contact the Abacus security team at abacus@jsn.cam for additional information or to report further security issues.",
"id": "GHSA-vh64-54px-qgf8",
"modified": "2025-03-11T17:17:30Z",
"published": "2025-03-03T16:21:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/JasonLovesDoggo/abacus/security/advisories/GHSA-vh64-54px-qgf8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27421"
},
{
"type": "WEB",
"url": "https://github.com/JasonLovesDoggo/abacus/commit/78fdb9b48b7f6d08ed0cd41077509c0a97071552"
},
{
"type": "WEB",
"url": "https://github.com/JasonLovesDoggo/abacus/commit/898ff1204e11317cc161240b660e63eed5a72b33"
},
{
"type": "PACKAGE",
"url": "https://github.com/JasonLovesDoggo/abacus"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3498"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Goroutine Leak in Abacus SSE Implementation"
}
GHSA-VJQV-F876-5P65
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-04-04 02:37An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2019-5023"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-31T21:15:00Z",
"severity": "MODERATE"
},
"details": "An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability.",
"id": "GHSA-vjqv-f876-5p65",
"modified": "2024-04-04T02:37:20Z",
"published": "2022-05-24T17:00:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5023"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0784"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM2W-8MJ4-GV48
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
{
"affected": [],
"aliases": [
"CVE-2018-18016"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-05T17:29:00Z",
"severity": "MODERATE"
},
"details": "ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.",
"id": "GHSA-vm2w-8mj4-gv48",
"modified": "2022-05-13T01:50:37Z",
"published": "2022-05-13T01:50:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18016"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1049"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-18016"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4034-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM3Q-58WM-2R2X
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2024-11-26 18:14An issue was discovered in libpg_query 10-1.0.2. There is a memory leak in pg_query_raw_parse in pg_query_parse.c, which might lead to a denial of service.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pg-query"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.28"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "pglast"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.28"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-18482"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-22T20:22:50Z",
"nvd_published_at": "2018-10-18T18:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in libpg_query 10-1.0.2. There is a memory leak in pg_query_raw_parse in pg_query_parse.c, which might lead to a denial of service.",
"id": "GHSA-vm3q-58wm-2r2x",
"modified": "2024-11-26T18:14:48Z",
"published": "2022-05-13T01:50:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18482"
},
{
"type": "WEB",
"url": "https://github.com/lfittl/libpg_query/issues/49"
},
{
"type": "PACKAGE",
"url": "https://github.com/lelit/pglast"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pg-query/PYSEC-2018-154.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "libpg_query memory leak"
}
GHSA-VR7M-HQG9-V4MF
Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and notifications to and from the Adaptive Security Appliance (ASA) handler. An attacker could exploit this vulnerability by sending a steady stream of malicious Secure Sockets Layer (SSL) traffic through the device. An exploit could allow the attacker to cause a DoS condition when the device runs low on system memory. This vulnerability affects Cisco Firepower Threat Defense (FTD) Software Releases 6.0.1 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances. Cisco Bug IDs: CSCve02069.
{
"affected": [],
"aliases": [
"CVE-2017-12245"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-05T07:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and notifications to and from the Adaptive Security Appliance (ASA) handler. An attacker could exploit this vulnerability by sending a steady stream of malicious Secure Sockets Layer (SSL) traffic through the device. An exploit could allow the attacker to cause a DoS condition when the device runs low on system memory. This vulnerability affects Cisco Firepower Threat Defense (FTD) Software Releases 6.0.1 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances. Cisco Bug IDs: CSCve02069.",
"id": "GHSA-vr7m-hqg9-v4mf",
"modified": "2022-05-13T01:38:02Z",
"published": "2022-05-13T01:38:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12245"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ftd"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101118"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VR9X-JFPJ-G523
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to obtain sensitive information about color objects from process memory by reading a light object's RGB data, a different vulnerability than CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704.
{
"affected": [],
"aliases": [
"CVE-2015-6697"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-10-14T23:59:00Z",
"severity": "MODERATE"
},
"details": "Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to obtain sensitive information about color objects from process memory by reading a light object\u0027s RGB data, a different vulnerability than CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704.",
"id": "GHSA-vr9x-jfpj-g523",
"modified": "2022-05-13T01:06:41Z",
"published": "2022-05-13T01:06:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6697"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033796"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-475"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VRW4-XQVW-J7J7
Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-04 18:31A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly.
This vulnerability is due to improper handling of new, incoming TCP connections that are destined to management or data interfaces when the device is under a TCP SYN flood attack. An attacker could exploit this vulnerability by sending a crafted stream of traffic to an affected device. A successful exploit could allow the attacker to prevent all incoming TCP connections to the device from being established, including remote management access, Remote Access VPN (RAVPN) connections, and all network protocols that are TCP-based. This results in a denial of service (DoS) condition for affected features.
{
"affected": [],
"aliases": [
"CVE-2026-20082"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T18:16:24Z",
"severity": "HIGH"
},
"details": "A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly.\n\n This vulnerability is due to improper handling of new, incoming TCP connections that are destined to management or data interfaces when the device is under a TCP SYN flood attack. An attacker could exploit this vulnerability by sending a crafted stream of traffic to an affected device. A successful exploit could allow the attacker to prevent all incoming TCP connections to the device from being established, including remote management access, Remote Access VPN (RAVPN) connections, and all network protocols that are TCP-based. This results in a denial of service (DoS) condition for affected features.",
"id": "GHSA-vrw4-xqvw-j7j7",
"modified": "2026-03-04T18:31:55Z",
"published": "2026-03-04T18:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20082"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-FCvLD6vR"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VRX5-G53M-HHM7
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-07-03 18:42In the Linux kernel, the following vulnerability has been resolved:
KVM: SVM: fix missing sev_decommission in sev_receive_start
DECOMMISSION the current SEV context if binding an ASID fails after RECEIVE_START. Per AMD's SEV API, RECEIVE_START generates a new guest context and thus needs to be paired with DECOMMISSION:
The RECEIVE_START command is the only command other than the LAUNCH_START
command that generates a new guest context and guest handle.
The missing DECOMMISSION can result in subsequent SEV launch failures, as the firmware leaks memory and might not able to allocate more SEV guest contexts in the future.
Note, LAUNCH_START suffered the same bug, but was previously fixed by commit 934002cd660b ("KVM: SVM: Call SEV Guest Decommission if ASID binding fails").
{
"affected": [],
"aliases": [
"CVE-2021-47389"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: fix missing sev_decommission in sev_receive_start\n\nDECOMMISSION the current SEV context if binding an ASID fails after\nRECEIVE_START. Per AMD\u0027s SEV API, RECEIVE_START generates a new guest\ncontext and thus needs to be paired with DECOMMISSION:\n\n The RECEIVE_START command is the only command other than the LAUNCH_START\n command that generates a new guest context and guest handle.\n\nThe missing DECOMMISSION can result in subsequent SEV launch failures,\nas the firmware leaks memory and might not able to allocate more SEV\nguest contexts in the future.\n\nNote, LAUNCH_START suffered the same bug, but was previously fixed by\ncommit 934002cd660b (\"KVM: SVM: Call SEV Guest Decommission if ASID\nbinding fails\").",
"id": "GHSA-vrx5-g53m-hhm7",
"modified": "2024-07-03T18:42:51Z",
"published": "2024-05-21T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47389"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/efd7866e114dcb44f86d151e843f8276b7efbc67"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1815e0aa770f2127c5df31eb5c2f0e37b60fa77"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Mitigation
It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free resources in a function. If you allocate resources that you intend to free upon completion of the function, you must be sure to free the resources at all exit points for that function including error conditions.
Mitigation MIT-47
Strategy: Resource Limitation
- Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.
- When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.
- Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703).
CAPEC-469: HTTP DoS
An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.