exploit the possibilities
Showing 1 - 25 of 178 RSS Feed

Memory Leak Files

Debian Security Advisory 4367-2
Posted Jan 17, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4367-2 - The Qualys Research Labs reported that the backported security fixes shipped in DSA 4367-1 contained a memory leak in systemd-journald. This and an unrelated bug in systemd-coredump are corrected in this update.

tags | advisory, memory leak
systems | linux, debian
MD5 | e6c45b7a762974159f1854d96b0e0726
LibTIFF 4.0.8 Memory Leak
Posted Dec 21, 2018
Authored by Jiawang Zhang

LibTIFF version 4.0.8 suffers from multiple memory leak vulnerabilities.

tags | advisory, vulnerability, memory leak, info disclosure
advisories | CVE-2017-16232
MD5 | 503f0927a50cb910585dab9890fa2f1b
ImageMagick Memory Leak
Posted Nov 20, 2018
Authored by barracud4

ImageMagick versions prior to 7.0.8-9 suffers from a memory leak vulnerability.

tags | exploit, memory leak, info disclosure
advisories | CVE-2018-16323
MD5 | 482e9c431cd68a68cdd9e40a6053a6a8
Ubuntu Security Notice USN-3785-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3785-1 - Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. It was discovered that several memory leaks existed when handling certain images in ImageMagick. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, memory leak
systems | linux, ubuntu
advisories | CVE-2018-14434, CVE-2018-14437, CVE-2018-14551, CVE-2018-16323, CVE-2018-16640, CVE-2018-16642, CVE-2018-16643, CVE-2018-16644, CVE-2018-16645, CVE-2018-16749, CVE-2018-16750
MD5 | 21b59cbac0421b36e21afeb307c30831
Ubuntu Security Notice USN-3678-4
Posted Jun 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
MD5 | 1d46e12aafc6190fd589563e09f2bb8a
Ubuntu Security Notice USN-3678-3
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-3 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
MD5 | b71a6729238f35ec13634f2c220c34d3
Ubuntu Security Notice USN-3678-2
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-2 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
MD5 | 1d0f17218b003943e4aff4def17102ae
Ubuntu Security Notice USN-3678-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
MD5 | 30a4c871ce87fae2bd0d703036631ef4
GNU Barcode 0.99 Memory Leak
Posted May 30, 2018
Authored by LiquidWorm | Site zeroscience.mk

GNU Barcode version 0.99 suffers from a memory leak vulnerability.

tags | exploit, memory leak
MD5 | d0eee2c339964fbd4ec3ae2aaa49f342
Ubuntu Security Notice USN-3534-1
Posted Jan 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3534-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. A memory leak was discovered in the _dl_init_paths function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2017-1000408, CVE-2017-1000409, CVE-2017-15670, CVE-2017-15804, CVE-2017-16997, CVE-2017-17426, CVE-2018-1000001
MD5 | 4d8f3d9f108dacae4f21c559451d5fd0
Qualys Security Advisory - GNU C Library Memory Leak / Buffer Overflow
Posted Dec 13, 2017
Authored by Qualys Security Advisory

Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc).

tags | exploit, overflow, memory leak
advisories | CVE-2017-1000408, CVE-2017-1000409
MD5 | 627d9c13d012677a6feb6b4514cbb8e3
Asterisk Project Security Advisory - AST-2017-011
Posted Nov 8, 2017
Authored by Kevin Harwell, Corey Farrell | Site asterisk.org

Asterisk Project Security Advisory - A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed.

tags | advisory, memory leak
MD5 | 31ccd7ef2019e7e8198027889428d92f
Red Hat Security Advisory 2017-1395-01
Posted Jun 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1395-01 - This package contains a new implementation of the original libtirpc, transport-independent RPC library for NFS-Ganesha. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

tags | advisory, memory leak
systems | linux, redhat
advisories | CVE-2017-8779
MD5 | beff9ee6fcb4b02422284889ee84c8c5
Red Hat Security Advisory 2017-1268-01
Posted May 24, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1268-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

tags | advisory, remote, memory leak
systems | linux, redhat
advisories | CVE-2017-8779
MD5 | c0ba90177a3d946241d390ed82ceec48
Red Hat Security Advisory 2017-1267-01
Posted May 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1267-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

tags | advisory, remote, memory leak
systems | linux, redhat
advisories | CVE-2017-8779
MD5 | f12a37161d0be834040c1845b07d62f4
Red Hat Security Advisory 2017-1262-01
Posted May 22, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1262-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

tags | advisory, remote, memory leak
systems | linux, redhat
advisories | CVE-2017-8779
MD5 | d7066d82fa5c66fdf39eec036fbe66da
Red Hat Security Advisory 2017-1263-01
Posted May 22, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1263-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

tags | advisory, remote, memory leak
systems | linux, redhat
advisories | CVE-2017-8779
MD5 | a9e7d4f0f42fe092cf47afd3b014fefe
FLAC 1.3.2 read_metadata_vorbiscomment_() Memory Leak / DoS
Posted May 15, 2017
Authored by Jakub Jirasek | Site secunia.com

Secunia Research has discovered a vulnerability in FLAC, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "read_metadata_vorbiscomment_()" function (stream_decoder.c), which can be exploited to cause a memory leak via a specially crafted FLAC file. The vulnerability is confirmed in version 1.3.2. Other versions may also be affected.

tags | advisory, denial of service, memory leak
advisories | CVE-2017-6888
MD5 | 07426242d2126fc7f266229556f63d1c
FreeBSD Security Advisory - FreeBSD-SA-17:04.ipfilter
Posted Apr 27, 2017
Authored by Cy Schubert | Site security.freebsd.org

FreeBSD Security Advisory - ipfilter(4), capable of stateful packet inspection, using the "keep state" or "keep frags" rule options, will not only maintain the state of connections, such as TCP streams or UDP communication, it also maintains the state of fragmented packets. When a packet fragments are received they are cached in a hash table (and linked list). When a fragment is received it is compared with fragments already cached in the hash table for a match. If it does not match the new entry is used to create a new entry in the hash table. If on the other hand it does match, unfortunately the wrong entry is freed, the entry in the hash table. This results in use after free panic (and for a brief moment prior to the panic a memory leak due to the wrong entry being freed). Carefully feeding fragments that are allowed to pass by an ipfilter(4) firewall can be used to cause a panic followed by reboot loop denial of service attack.

tags | advisory, denial of service, udp, tcp, memory leak
systems | freebsd
advisories | CVE-2017-1081
MD5 | 52202a1372fafbdf07a4259245a5e409
Ubuntu Security Notice USN-3187-2
Posted Feb 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3187-2 - Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service. It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2016-9555, CVE-2016-9685
MD5 | 6324449e33351992007a601ce79b71dc
Ubuntu Security Notice USN-3187-1
Posted Feb 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3187-1 - Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service. It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2016-9555, CVE-2016-9685
MD5 | db84eeec4c3c055a929a5d6ca9291015
Red Hat Security Advisory 2016-2802-01
Posted Nov 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2802-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.

tags | advisory, remote, protocol, memory leak
systems | linux, redhat
advisories | CVE-2016-6304
MD5 | 8e56b0c67a64377b482aced9ec3d90a9
Cisco Security Advisory 20160928-smi
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.

tags | advisory, remote, denial of service, tcp, memory leak
systems | cisco, osx
MD5 | f4a1186c6866c8953658abc16723759c
Red Hat Security Advisory 2016-1940-01
Posted Sep 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1940-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.

tags | advisory, remote, protocol, memory leak
systems | linux, redhat
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306
MD5 | c6afe0ce742f87952f6ae30a8585adbf
Cisco Security Advisory 20160810-iosxr
Posted Aug 11, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plane protocols and lead to a denial of service condition (DoS) on a targeted system. The vulnerability is due to improper handling of crafted, fragmented packets that are directed to an affected device. An attacker could exploit this vulnerability by sending crafted, fragmented packets to an affected device for processing and reassembly. A successful exploit could allow the attacker to cause a memory leak on the RP of the device, which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, there are mitigations for this vulnerability.

tags | advisory, remote, denial of service, protocol, memory leak
systems | cisco, osx
MD5 | e44858ceffa1bfb26a9c53dc008ab51e
Page 1 of 8
Back12345Next

File Archive:

January 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    15 Files
  • 2
    Jan 2nd
    15 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    1 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    24 Files
  • 8
    Jan 8th
    15 Files
  • 9
    Jan 9th
    16 Files
  • 10
    Jan 10th
    23 Files
  • 11
    Jan 11th
    17 Files
  • 12
    Jan 12th
    3 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    33 Files
  • 16
    Jan 16th
    23 Files
  • 17
    Jan 17th
    29 Files
  • 18
    Jan 18th
    15 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    1 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close