CVE-2017-6414
Advisory lineage: Upstream: 0, Downstream: 7
Modified
Published: 15 Mar 2017, 14:00
Last modified: 05 Aug 2024, 15:25
Vulnerability Summary
- Overall Risk (default): medium, 26/100
- CVSS Score: 6.5 MEDIUM, v3.1 (nvd)
- EPSS Score: 0.19% LOW
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 15 Mar 2017, 14:00: Published (vulnerability first disclosed)
- 05 Aug 2024, 15:25: Last Modified (vulnerability information updated)
Description
Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object.
CVSS Metrics
- v3.1 • MEDIUM • Score: 6.5 • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
- v2.0 • MEDIUM • Score: 4.9 • AV:L/AC:L/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 0.19% • Percentile: 41%
Techniques & Countermeasures
- CWE-772 • Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Affected Systems
- libcacard_project • libcacard: versions < 2.5.3
References (6)
- http://www.securityfocus.com/bid/96541
- http://www.openwall.com/lists/oss-security/2017/03/01/11
- https://bugzilla.redhat.com/show_bug.cgi?id=1427833
- https://access.redhat.com/errata/RHSA-2017:2408
- https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c
- https://cgit.freedesktop.org/spice/libcacard/tree/NEWS?id=aaa5251791bf0b1640afcba77a7d79ea23c42d53