7.5
CVE-2022-29693
- EPSS 1.18%
- Veröffentlicht 02.06.2022 14:15:50
- Zuletzt bearbeitet 21.11.2024 06:59:34
- CVE-Watchlists
- Unerledigt
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Unicorn-engine ≫ Unicorn Engine Version < 2.0.0
Unicorn-engine ≫ Unicorn Engine Version2.0.0 Update-
Unicorn-engine ≫ Unicorn Engine Version2.0.0 Updaterc1
Unicorn-engine ≫ Unicorn Engine Version2.0.0 Updaterc2
Unicorn-engine ≫ Unicorn Engine Version2.0.0 Updaterc3
Unicorn-engine ≫ Unicorn Engine Version2.0.0 Updaterc4
Unicorn-engine ≫ Unicorn Engine Version2.0.0 Updaterc5
Unicorn-engine ≫ Unicorn Engine Version2.0.0 Updaterc6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.18% | 0.635 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://github.com/unicorn-engine/unicorn/commit/469fc4c35a0cfabdbefb158e22d145f4ee6f77b9
https://github.com/unicorn-engine/unicorn/issues/1586