7.5

CVE-2022-29693

Exploit
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Unicorn-engineUnicorn Engine Version < 2.0.0
Unicorn-engineUnicorn Engine Version2.0.0 Update-
Unicorn-engineUnicorn Engine Version2.0.0 Updaterc1
Unicorn-engineUnicorn Engine Version2.0.0 Updaterc2
Unicorn-engineUnicorn Engine Version2.0.0 Updaterc3
Unicorn-engineUnicorn Engine Version2.0.0 Updaterc4
Unicorn-engineUnicorn Engine Version2.0.0 Updaterc5
Unicorn-engineUnicorn Engine Version2.0.0 Updaterc6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.18% 0.635
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://github.com/unicorn-engine/unicorn/commit/469fc4c35a0cfabdbefb158e22d145f4ee6f77b9
Patch
Third Party Advisory
https://github.com/unicorn-engine/unicorn/issues/1586
Third Party Advisory
Exploit
Issue Tracking