CWE-244
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.
CVE-2022-20922 (GCVE-0-2022-20922)
Vulnerability from cvelistv5
Published
2022-11-10 17:37
Modified
2024-08-03 02:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Summary
Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device.
These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition.
Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information.
Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Cisco | Cisco Firepower Threat Defense Software |
Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.2.0 Version: 7.2.0.1 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:57.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-snort-smb-3nfhJtr",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-smb-3nfhJtr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.0.1"
}
]
},
{
"product": "Cisco Umbrella Insights Virtual Appliance",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.5.4"
},
{
"status": "affected",
"version": "1.5.5"
},
{
"status": "affected",
"version": "1.5.6"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.0.2"
},
{
"status": "affected",
"version": "2.0.3"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.2"
},
{
"status": "affected",
"version": "2.1.5"
},
{
"status": "affected",
"version": "2.1.4"
},
{
"status": "affected",
"version": "2.4.12"
},
{
"status": "affected",
"version": "2.4.6"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.4.4"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.4"
},
{
"status": "affected",
"version": "2.5.5"
},
{
"status": "affected",
"version": "2.5.6"
},
{
"status": "affected",
"version": "2.5.7"
},
{
"status": "affected",
"version": "2.6.0"
},
{
"status": "affected",
"version": "2.6.1"
},
{
"status": "affected",
"version": "2.6.2"
},
{
"status": "affected",
"version": "2.7"
},
{
"status": "affected",
"version": "2.8"
},
{
"status": "affected",
"version": "2.8.9"
},
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.1"
}
]
},
{
"product": "Cisco Cyber Vision",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0.4"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "3.0.3"
},
{
"status": "affected",
"version": "3.0.5"
},
{
"status": "affected",
"version": "3.0.6"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "4.0.1"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0.3"
},
{
"status": "affected",
"version": "4.1.0"
},
{
"status": "affected",
"version": "4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device.\r\n\r These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition.\r\n\r Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details [\"#details\"] section of this advisory for more information.\r\n\r Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:13.504Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-snort-smb-3nfhJtr",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-smb-3nfhJtr"
}
],
"source": {
"advisory": "cisco-sa-snort-smb-3nfhJtr",
"defects": [
"CSCwa55404",
"CSCwb66736",
"CSCwb87762",
"CSCwb91454",
"CSCwc37518",
"CSCwc37339"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20922",
"datePublished": "2022-11-10T17:37:12.903Z",
"dateReserved": "2021-11-02T13:28:29.190Z",
"dateUpdated": "2024-08-03T02:31:57.388Z",
"requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20943 (GCVE-0-2022-20943)
Vulnerability from cvelistv5
Published
2022-11-10 17:37
Modified
2024-08-03 02:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Summary
Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device.
These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition.
Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information.
Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Cisco | Cisco Firepower Threat Defense Software |
Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:57.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-snort-smb-3nfhJtr",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-smb-3nfhJtr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.1.1"
}
]
},
{
"product": "Cisco Cyber Vision",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0.4"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "3.0.3"
},
{
"status": "affected",
"version": "3.0.5"
},
{
"status": "affected",
"version": "3.0.6"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "4.0.1"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0.3"
},
{
"status": "affected",
"version": "4.1.0"
},
{
"status": "affected",
"version": "4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device.\r\n\r These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition.\r\n\r Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details [\"#details\"] section of this advisory for more information.\r\n\r Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:18.786Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-snort-smb-3nfhJtr",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-smb-3nfhJtr"
}
],
"source": {
"advisory": "cisco-sa-snort-smb-3nfhJtr",
"defects": [
"CSCvy97080",
"CSCwb78519"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20943",
"datePublished": "2022-11-10T17:37:31.385Z",
"dateReserved": "2021-11-02T13:28:29.193Z",
"dateUpdated": "2024-08-03T02:31:57.976Z",
"requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20031 (GCVE-0-2023-20031)
Vulnerability from cvelistv5
Published
2023-11-01 17:03
Modified
2024-08-02 08:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Summary
A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software |
Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.2.0 Version: 7.2.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ftd-snort3-8U4HHxH8",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-8U4HHxH8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.7.0"
},
{
"status": "affected",
"version": "6.7.0.1"
},
{
"status": "affected",
"version": "6.7.0.2"
},
{
"status": "affected",
"version": "6.7.0.3"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.1.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.2.1"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:34.231Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ftd-snort3-8U4HHxH8",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-8U4HHxH8"
}
],
"source": {
"advisory": "cisco-sa-ftd-snort3-8U4HHxH8",
"defects": [
"CSCwc07015"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20031",
"datePublished": "2023-11-01T17:03:19.911Z",
"dateReserved": "2022-10-27T18:47:50.312Z",
"dateUpdated": "2024-08-02T08:57:35.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20070 (GCVE-0-2023-20070)
Vulnerability from cvelistv5
Published
2023-11-01 17:08
Modified
2024-08-02 08:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Summary
A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in how memory allocations are handled during a TLS 1.3 session. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted TLS 1.3 message sequence through an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in a denial of service (DoS) condition. While the Snort detection engine reloads, packets going through the FTD device that are sent to the Snort detection engine will be dropped. The Snort detection engine will restart automatically. No manual intervention is required.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software |
Version: 7.2.0 Version: 7.2.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ftd-snort3-uAnUntcV",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-uAnUntcV"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in how memory allocations are handled during a TLS 1.3 session. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted TLS 1.3 message sequence through an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in a denial of service (DoS) condition. While the Snort detection engine reloads, packets going through the FTD device that are sent to the Snort detection engine will be dropped. The Snort detection engine will restart automatically. No manual intervention is required."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:40.830Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ftd-snort3-uAnUntcV",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-uAnUntcV"
}
],
"source": {
"advisory": "cisco-sa-ftd-snort3-uAnUntcV",
"defects": [
"CSCwc59953"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20070",
"datePublished": "2023-11-01T17:08:19.315Z",
"dateReserved": "2022-10-27T18:47:50.328Z",
"dateUpdated": "2024-08-02T08:57:35.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20177 (GCVE-0-2023-20177)
Vulnerability from cvelistv5
Published
2023-11-01 16:41
Modified
2024-08-02 09:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Summary
A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. The Snort 3 detection engine will restart automatically. No manual intervention is required.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software |
Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.0.1 Version: 7.2.1 Version: 7.2.2 Version: 7.2.3 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-sa-ftd-snort3-urldos-OccFQTeX",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort3-urldos-OccFQTeX"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.1.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.2.1"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.1.0.3"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.0.1"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. The Snort 3 detection engine will restart automatically. No manual intervention is required."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:50.305Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sa-ftd-snort3-urldos-OccFQTeX",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort3-urldos-OccFQTeX"
}
],
"source": {
"advisory": "cisco-sa-sa-ftd-snort3-urldos-OccFQTeX",
"defects": [
"CSCwe87591"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20177",
"datePublished": "2023-11-01T16:41:37.495Z",
"dateReserved": "2022-10-27T18:47:50.363Z",
"dateUpdated": "2024-08-02T09:05:35.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33013 (GCVE-0-2025-33013)
Vulnerability from cvelistv5
Published
2025-07-24 14:55
Modified
2025-08-18 01:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | IBM | MQ Operator |
Version: 2.0.0 LTS ≤ 2.0.29 LTS cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T15:03:40.272604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T15:03:48.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.2.13 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:27:18.300Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33013",
"datePublished": "2025-07-24T14:55:04.945Z",
"dateReserved": "2025-04-15T09:48:51.519Z",
"dateUpdated": "2025-08-18T01:27:18.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5105 (GCVE-0-2025-5105)
Vulnerability from cvelistv5
Published
2025-05-23 12:00
Modified
2025-05-23 13:16
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release
Summary
A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to improper clearing of heap memory before release. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5105",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T13:13:08.930769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T13:16:21.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Service Port 7777"
],
"product": "ZLT W51",
"vendor": "TOZED",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.4.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mohamed Maatallah (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to improper clearing of heap memory before release. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in TOZED ZLT W51 bis 1.4.2 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Service Port 7777. Durch die Manipulation mit unbekannten Daten kann eine improper clearing of heap memory before release-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "Improper Clearing of Heap Memory Before Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T12:00:06.933Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310082 | TOZED ZLT W51 Service Port 7777 heap inspection",
"tags": [
"vdb-entry",
"mitigation"
],
"url": "https://vuldb.com/?id.310082"
},
{
"name": "VDB-310082 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310082"
},
{
"name": "Submit #568495 | TOZED ZLT W51 Wifi6 Router (Ooredoo) Firmware version 1.4.2 Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.568495"
},
{
"tags": [
"related"
],
"url": "https://github.com/Zephkek/LeakyTozed"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Zephkek/LeakyTozed#41-proof-of-concept"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-23T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-23T08:26:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "TOZED ZLT W51 Service Port 7777 heap inspection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5105",
"datePublished": "2025-05-23T12:00:06.933Z",
"dateReserved": "2025-05-23T06:20:10.379Z",
"dateUpdated": "2025-05-23T13:16:21.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.