CWE-404
Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.
CVE-2025-3198 (GCVE-0-2025-3198)
Vulnerability from cvelistv5 – Published: 2025-04-04 01:31 – Updated: 2026-05-12 12:02
VLAI
Title
GNU Binutils objdump bucomm.c display_info memory leak
Summary
A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.303151 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.303151 | signaturepermissions-required |
| https://vuldb.com/?submit.545773 | third-party-advisory |
| https://sourceware.org/bugzilla/show_bug.cgi?id=32716 | issue-tracking |
| https://sourceware.org/bugzilla/show_bug.cgi?id=3… | exploitissue-tracking |
| https://sourceware.org/git/gitweb.cgi?p=binutils-… | patch |
| https://www.gnu.org/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3198",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:36:25.636186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T20:21:07.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32716"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:02:15.798Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"modules": [
"objdump"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.43"
},
{
"status": "affected",
"version": "2.44"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Haoxin Tu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In GNU Binutils 2.43/2.44 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft die Funktion display_info der Datei binutils/bucomm.c der Komponente objdump. Mit der Manipulation mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als ba6ad3a18cb26b79e0e3b84c39f707535bbc344d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "Memory Leak",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T01:31:08.985Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-303151 | GNU Binutils objdump bucomm.c display_info memory leak",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.303151"
},
{
"name": "VDB-303151 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.303151"
},
{
"name": "Submit #545773 | GNU Library Objdump in Binutil 2.44 and 2.43 (also other possible downward versions) Memory Leak",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.545773"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32716"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-03T13:19:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils objdump bucomm.c display_info memory leak"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3198",
"datePublished": "2025-04-04T01:31:08.985Z",
"dateReserved": "2025-04-03T11:14:11.186Z",
"dateUpdated": "2026-05-12T12:02:15.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3535 (GCVE-0-2025-3535)
Vulnerability from cvelistv5 – Published: 2025-04-13 11:00 – Updated: 2025-04-14 19:38
VLAI
Title
shuanx BurpAPIFinder BurpApiFinder.db denial of service
Summary
A vulnerability has been found in shuanx BurpAPIFinder up to 2.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file BurpApiFinder.db. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-404 - Denial of Service
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.304573 | vdb-entry |
| https://vuldb.com/?ctiid.304573 | signaturepermissions-required |
| https://vuldb.com/?submit.545457 | third-party-advisory |
| https://github.com/shuanx/BurpAPIFinder/issues/18 | issue-tracking |
| https://github.com/shuanx/BurpAPIFinder/issues/18… | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| shuanx | BurpAPIFinder |
Affected:
2.0.0
Affected: 2.0.1 Affected: 2.0.2 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3535",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T19:37:19.203689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T19:38:09.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BurpAPIFinder",
"vendor": "shuanx",
"versions": [
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Web Hacker Team (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "Web Hacker Team (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in shuanx BurpAPIFinder up to 2.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file BurpApiFinder.db. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In shuanx BurpAPIFinder bis 2.0.2 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei BurpApiFinder.db. Mittels dem Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-13T11:00:13.406Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-304573 | shuanx BurpAPIFinder BurpApiFinder.db denial of service",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.304573"
},
{
"name": "VDB-304573 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.304573"
},
{
"name": "Submit #545457 | shuanx BurpAPIFinder v2.0.2 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.545457"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/shuanx/BurpAPIFinder/issues/18"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/shuanx/BurpAPIFinder/issues/18#issue-2956026808"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-12T17:19:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "shuanx BurpAPIFinder BurpApiFinder.db denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3535",
"datePublished": "2025-04-13T11:00:13.406Z",
"dateReserved": "2025-04-12T11:55:17.369Z",
"dateUpdated": "2025-04-14T19:38:09.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36006 (GCVE-0-2025-36006)
Vulnerability from cvelistv5 – Published: 2025-11-07 19:04 – Updated: 2025-11-07 19:15
VLAI
Title
IBM Db2 denial of service
Summary
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.
Severity
6.5 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7250479 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Db2 |
Affected:
10.5.0 , ≤ 10.5.11
(semver)
Affected: 11.1.0 , ≤ 11.1.4.7 (semver) Affected: 11.5.0 , ≤ 11.5.9 (semver) Affected: 12.1.0 , ≤ 12.1.3 (semver) cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T19:15:11.662526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T19:15:29.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.5.11",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.1.4.7",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.\u003c/p\u003e"
}
],
"value": "IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T19:04:05.595Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250479"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V10.5 TBD DT422191 Special Build for V10.5.11: AIX 64-bit HP-UX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 big endian Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Solaris 64-bit, x86-64 Windows 32-bit, x86 Windows 64-bit, x86 V11.1 TBD DT422191 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT422191 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT422191 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V10.5 TBD DT422191 Special Build for V10.5.11: AIX 64-bit HP-UX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 big endian Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Solaris 64-bit, x86-64 Windows 32-bit, x86 Windows 64-bit, x86 V11.1 TBD DT422191 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT422191 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT422191 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 denial of service",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWorkarounds and Mitigations For\u00a0JCC\u00a0applications,\u00a0set\u00a0queryCloseImplicit\u00a0property\u00a0to\u00a02\u00a0for\u00a0the\u00a0connections. For, CLI and ODBC applications, set SQL_ATTR_EARLYCLOSE property to SQL_EARLYCLOSE_OFF for the statements. Manually recycle connections either by forcing the application handles or by making an application side change (a refresh of the connection pool). You can find the application handles that use most FCM buffers by running\u00a0db2pd -fcm -member x\u00a0\u00a0(look for the highest buffer consumer) and then force.\u003c/p\u003e"
}
],
"value": "Workarounds and Mitigations For\u00a0JCC\u00a0applications,\u00a0set\u00a0queryCloseImplicit\u00a0property\u00a0to\u00a02\u00a0for\u00a0the\u00a0connections. For, CLI and ODBC applications, set SQL_ATTR_EARLYCLOSE property to SQL_EARLYCLOSE_OFF for the statements. Manually recycle connections either by forcing the application handles or by making an application side change (a refresh of the connection pool). You can find the application handles that use most FCM buffers by running\u00a0db2pd -fcm -member x\u00a0\u00a0(look for the highest buffer consumer) and then force."
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36006",
"datePublished": "2025-11-07T19:04:05.595Z",
"dateReserved": "2025-04-15T21:16:05.532Z",
"dateUpdated": "2025-11-07T19:15:29.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3730 (GCVE-0-2025-3730)
Vulnerability from cvelistv5 – Published: 2025-04-16 21:00 – Updated: 2025-05-22 21:39 Disputed
VLAI
Title
PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service
Summary
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.
Severity
CWE
- CWE-404 - Denial of Service
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.305076 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.305076 | signaturepermissions-required |
| https://vuldb.com/?submit.553645 | third-party-advisory |
| https://github.com/pytorch/pytorch/issues/150835 | issue-tracking |
| https://github.com/pytorch/pytorch/pull/150981 | issue-tracking |
| https://github.com/pytorch/pytorch/issues/150835#… | exploitissue-tracking |
| https://github.com/timocafe/tewart-pytorch/commit… | patch |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3730",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T13:30:13.460308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T13:56:07.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pytorch/pytorch/issues/150835"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PyTorch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Default436352 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in PyTorch 2.6.0 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion torch.nn.functional.ctc_loss der Datei aten/src/ATen/native/LossCTC.cpp. Mit der Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt. Der Patch wird als 46fc5d8e360127361211cb237d5f9eef0223e567 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T21:39:19.138Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-305076 | PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.305076"
},
{
"name": "VDB-305076 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.305076"
},
{
"name": "Submit #553645 | pytorch pytorch (in torch.nn.functional.ctc_loss) 2.6.0 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.553645"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/pytorch/pytorch/issues/150835"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/pytorch/pytorch/pull/150981"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/pytorch/pytorch/issues/150835#issue-2979082232"
},
{
"tags": [
"patch"
],
"url": "https://github.com/timocafe/tewart-pytorch/commit/46fc5d8e360127361211cb237d5f9eef0223e567"
}
],
"tags": [
"disputed"
],
"timeline": [
{
"lang": "en",
"time": "2025-04-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-22T23:44:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3730",
"datePublished": "2025-04-16T21:00:17.836Z",
"dateReserved": "2025-04-16T13:41:20.997Z",
"dateUpdated": "2025-05-22T21:39:19.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4002 (GCVE-0-2025-4002)
Vulnerability from cvelistv5 – Published: 2025-04-28 05:00 – Updated: 2025-04-28 14:22
VLAI
Title
RefindPlusRepo RefindPlus BootLog.c GetDebugLogFile null pointer dereference
Summary
A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue.
Severity
5.5 (Medium)
5.5 (Medium)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306338 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.306338 | signaturepermissions-required |
| https://vuldb.com/?submit.558122 | third-party-advisory |
| https://github.com/RefindPlusRepo/RefindPlus/issues/204 | issue-tracking |
| https://github.com/RefindPlusRepo/RefindPlus/issu… | issue-tracking |
| https://github.com/RefindPlusRepo/RefindPlus/comm… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RefindPlusRepo | RefindPlus |
Affected:
0.14.2.AB
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T14:21:50.716676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T14:22:13.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RefindPlus",
"vendor": "RefindPlusRepo",
"versions": [
{
"status": "affected",
"version": "0.14.2.AB"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "micromilo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in RefindPlusRepo RefindPlus 0.14.2.AB gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist die Funktion GetDebugLogFile der Datei Library/MemLogLib/BootLog.c. Durch Beeinflussen mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Patch wird als d2143a1e2deefddd9b105fb7160763c4f8d47ea2 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T05:00:07.032Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306338 | RefindPlusRepo RefindPlus BootLog.c GetDebugLogFile null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306338"
},
{
"name": "VDB-306338 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306338"
},
{
"name": "Submit #558122 | RefindPlusRepo RefindPlus v0.14.2.AB Release NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.558122"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/RefindPlusRepo/RefindPlus/issues/204"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/RefindPlusRepo/RefindPlus/issues/204#issuecomment-2696817643"
},
{
"tags": [
"patch"
],
"url": "https://github.com/RefindPlusRepo/RefindPlus/commit/d2143a1e2deefddd9b105fb7160763c4f8d47ea2"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T10:44:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "RefindPlusRepo RefindPlus BootLog.c GetDebugLogFile null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4002",
"datePublished": "2025-04-28T05:00:07.032Z",
"dateReserved": "2025-04-26T08:38:39.718Z",
"dateUpdated": "2025-04-28T14:22:13.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4003 (GCVE-0-2025-4003)
Vulnerability from cvelistv5 – Published: 2025-04-28 05:31 – Updated: 2025-04-28 14:21
VLAI
Title
RefindPlusRepo RefindPlus RP_ApfsIo.c InternalApfsTranslateBlock null pointer dereference
Summary
A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB. It has been classified as problematic. This affects the function InternalApfsTranslateBlock of the file Library/RP_ApfsLib/RP_ApfsIo.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The patch is named 4d35125ca689a255647e9033dd60c257d26df7cb. It is recommended to apply a patch to fix this issue.
Severity
5.5 (Medium)
5.5 (Medium)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306339 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.306339 | signaturepermissions-required |
| https://vuldb.com/?submit.558123 | third-party-advisory |
| https://github.com/RefindPlusRepo/RefindPlus/issues/206 | issue-tracking |
| https://github.com/RefindPlusRepo/RefindPlus/issu… | issue-tracking |
| https://github.com/RefindPlusRepo/RefindPlus/comm… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RefindPlusRepo | RefindPlus |
Affected:
0.14.2.AB
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T14:20:56.232755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T14:21:14.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RefindPlus",
"vendor": "RefindPlusRepo",
"versions": [
{
"status": "affected",
"version": "0.14.2.AB"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "micromilo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB. It has been classified as problematic. This affects the function InternalApfsTranslateBlock of the file Library/RP_ApfsLib/RP_ApfsIo.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The patch is named 4d35125ca689a255647e9033dd60c257d26df7cb. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in RefindPlusRepo RefindPlus 0.14.2.AB ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion InternalApfsTranslateBlock der Datei Library/RP_ApfsLib/RP_ApfsIo.c. Dank der Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Patch wird als 4d35125ca689a255647e9033dd60c257d26df7cb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T05:31:05.213Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306339 | RefindPlusRepo RefindPlus RP_ApfsIo.c InternalApfsTranslateBlock null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306339"
},
{
"name": "VDB-306339 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306339"
},
{
"name": "Submit #558123 | RefindPlusRepo RefindPlus v0.14.2.AB Release NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.558123"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/RefindPlusRepo/RefindPlus/issues/206"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/RefindPlusRepo/RefindPlus/issues/206#event-16595888967"
},
{
"tags": [
"patch"
],
"url": "https://github.com/RefindPlusRepo/RefindPlus/commit/4d35125ca689a255647e9033dd60c257d26df7cb"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T10:44:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "RefindPlusRepo RefindPlus RP_ApfsIo.c InternalApfsTranslateBlock null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4003",
"datePublished": "2025-04-28T05:31:05.213Z",
"dateReserved": "2025-04-26T08:38:57.383Z",
"dateUpdated": "2025-04-28T14:21:14.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41399 (GCVE-0-2025-41399)
Vulnerability from cvelistv5 – Published: 2025-05-07 22:04 – Updated: 2025-05-08 13:23
VLAI
Title
SCTP Vulnerability
Summary
When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000137709 | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| F5 | BIG-IP |
Unaffected:
17.5.0 , < *
(custom)
Affected: 17.1.0 , < 17.1.1 (custom) Affected: 16.1.0 , < 16.1.4 (custom) Affected: 15.1.0 , < 15.1.9 (custom) |
|
| F5 | BIG-IP Next |
Affected:
20.0.1 , < 20.2.1
(custom)
|
|
| F5 | BIG-IP Next SPK |
Affected:
1.8.0 , < 2.0.0
(custom)
Affected: 1.7.0 , < 1.7.12 (custom) |
|
| F5 | BIG-IP Next CNF |
Unaffected:
2.0.0 , < *
(custom)
Affected: 1.1.0 , < 1.3.0 (custom) |
Date Public
2025-05-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T13:23:45.422611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T13:23:51.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "17.5.0",
"versionType": "custom"
},
{
"lessThan": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"lessThan": "15.1.9",
"status": "affected",
"version": "15.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "BIG-IP Next",
"vendor": "F5",
"versions": [
{
"lessThan": "20.2.1",
"status": "affected",
"version": "20.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "BIG-IP Next SPK",
"vendor": "F5",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "1.8.0",
"versionType": "custom"
},
{
"lessThan": "1.7.12",
"status": "affected",
"version": "1.7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "BIG-IP Next CNF",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "1.3.0",
"status": "affected",
"version": "1.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2025-05-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"value": "When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T22:04:07.220Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000137709"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SCTP Vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2025-41399",
"datePublished": "2025-05-07T22:04:07.220Z",
"dateReserved": "2025-04-23T22:28:26.313Z",
"dateUpdated": "2025-05-08T13:23:51.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4287 (GCVE-0-2025-4287)
Vulnerability from cvelistv5 – Published: 2025-05-05 20:00 – Updated: 2025-05-06 13:45
VLAI
Title
PyTorch nccl.py torch.cuda.nccl.reduce denial of service
Summary
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue.
Severity
CWE
- CWE-404 - Denial of Service
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.307394 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.307394 | signaturepermissions-required |
| https://vuldb.com/?submit.553644 | third-party-advisory |
| https://github.com/pytorch/pytorch/issues/150836 | issue-tracking |
| https://github.com/pytorch/pytorch/pull/150923 | issue-tracking |
| https://github.com/pytorch/pytorch/issues/150836#… | exploitissue-tracking |
| https://github.com/Divigroup-RAP/PYTORCH/commit/5… | patch |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4287",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T13:45:40.869046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T13:45:53.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PyTorch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.6.0+cu124"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Default436352 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in PyTorch 2.6.0+cu124 ausgemacht. Hierbei geht es um die Funktion torch.cuda.nccl.reduce der Datei torch/cuda/nccl.py. Durch Beeinflussen mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T20:00:11.130Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-307394 | PyTorch nccl.py torch.cuda.nccl.reduce denial of service",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.307394"
},
{
"name": "VDB-307394 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.307394"
},
{
"name": "Submit #553644 | pytorch pytorch (in torch.cuda.nccl.reduce) 2.6.0 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.553644"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/pytorch/pytorch/issues/150836"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/pytorch/pytorch/pull/150923"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/pytorch/pytorch/issues/150836#issue-2979097872"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Divigroup-RAP/PYTORCH/commit/5827d2061dcb4acd05ac5f8e65d8693a481ba0f5"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-05T13:58:01.000Z",
"value": "VulDB entry last update"
}
],
"title": "PyTorch nccl.py torch.cuda.nccl.reduce denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4287",
"datePublished": "2025-05-05T20:00:11.130Z",
"dateReserved": "2025-05-05T11:52:52.630Z",
"dateUpdated": "2025-05-06T13:45:53.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43935 (GCVE-0-2025-43935)
Vulnerability from cvelistv5 – Published: 2026-04-16 17:59 – Updated: 2026-04-16 19:38
VLAI
Summary
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.
Severity
4.4 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00037621… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerScale OneFS |
Affected:
9.5.0.0 , < 9.10.1.3
(semver)
Affected: 0 , < 9.12.0.0 (semver) Affected: 9.7.0.0 , < 9.7.1.10 (semver) Affected: 9.5.0.0 , < 9.5.1.5 (semver) |
Date Public
2025-10-01 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T19:38:11.063306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T19:38:28.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerScale OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "9.10.1.3",
"status": "affected",
"version": "9.5.0.0",
"versionType": "semver"
},
{
"lessThan": "9.12.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "9.7.1.10",
"status": "affected",
"version": "9.7.0.0",
"versionType": "semver"
},
{
"lessThan": "9.5.1.5",
"status": "affected",
"version": "9.5.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-01T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service."
}
],
"value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404: Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T17:59:04.315Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-43935",
"datePublished": "2026-04-16T17:59:04.315Z",
"dateReserved": "2025-04-20T05:04:01.414Z",
"dateUpdated": "2026-04-16T19:38:28.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4444 (GCVE-0-2025-4444)
Vulnerability from cvelistv5 – Published: 2025-09-18 13:58 – Updated: 2025-09-18 20:41 X_Open Source
VLAI
Title
Tor Onion Service Descriptor resource consumption
Summary
A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.
Severity
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.324814 | vdb-entry |
| https://vuldb.com/?ctiid.324814 | signaturepermissions-required |
| https://vuldb.com/?submit.640605 | third-party-advisory |
| https://github.com/chunmianwang/Tordos | related |
| https://gitlab.torproject.org/tpo/core/tor/-/raw/… | release-notes |
| https://forum.torproject.org/t/alpha-and-stable-r… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Tor |
Affected:
0.4.7.0
Affected: 0.4.7.1 Affected: 0.4.7.2 Affected: 0.4.7.3 Affected: 0.4.7.4 Affected: 0.4.7.5 Affected: 0.4.7.6 Affected: 0.4.7.7 Affected: 0.4.7.8 Affected: 0.4.7.9 Affected: 0.4.7.10 Affected: 0.4.7.11 Affected: 0.4.7.12 Affected: 0.4.7.13 Affected: 0.4.7.14 Affected: 0.4.7.15 Affected: 0.4.7.16 Affected: 0.4.8.0 Affected: 0.4.8.1 Affected: 0.4.8.2 Affected: 0.4.8.3 Affected: 0.4.8.4 Affected: 0.4.8.5 Affected: 0.4.8.6 Affected: 0.4.8.7 Affected: 0.4.8.8 Affected: 0.4.8.9 Affected: 0.4.8.10 Affected: 0.4.8.11 Affected: 0.4.8.12 Affected: 0.4.8.13 Affected: 0.4.8.14 Affected: 0.4.8.15 Affected: 0.4.8.16 Affected: 0.4.8.17 Unaffected: 0.4.8.18 Unaffected: 0.4.9.3-alpha |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4444",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-18T20:41:11.076671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T20:41:21.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Onion Service Descriptor Handler"
],
"product": "Tor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.4.7.0"
},
{
"status": "affected",
"version": "0.4.7.1"
},
{
"status": "affected",
"version": "0.4.7.2"
},
{
"status": "affected",
"version": "0.4.7.3"
},
{
"status": "affected",
"version": "0.4.7.4"
},
{
"status": "affected",
"version": "0.4.7.5"
},
{
"status": "affected",
"version": "0.4.7.6"
},
{
"status": "affected",
"version": "0.4.7.7"
},
{
"status": "affected",
"version": "0.4.7.8"
},
{
"status": "affected",
"version": "0.4.7.9"
},
{
"status": "affected",
"version": "0.4.7.10"
},
{
"status": "affected",
"version": "0.4.7.11"
},
{
"status": "affected",
"version": "0.4.7.12"
},
{
"status": "affected",
"version": "0.4.7.13"
},
{
"status": "affected",
"version": "0.4.7.14"
},
{
"status": "affected",
"version": "0.4.7.15"
},
{
"status": "affected",
"version": "0.4.7.16"
},
{
"status": "affected",
"version": "0.4.8.0"
},
{
"status": "affected",
"version": "0.4.8.1"
},
{
"status": "affected",
"version": "0.4.8.2"
},
{
"status": "affected",
"version": "0.4.8.3"
},
{
"status": "affected",
"version": "0.4.8.4"
},
{
"status": "affected",
"version": "0.4.8.5"
},
{
"status": "affected",
"version": "0.4.8.6"
},
{
"status": "affected",
"version": "0.4.8.7"
},
{
"status": "affected",
"version": "0.4.8.8"
},
{
"status": "affected",
"version": "0.4.8.9"
},
{
"status": "affected",
"version": "0.4.8.10"
},
{
"status": "affected",
"version": "0.4.8.11"
},
{
"status": "affected",
"version": "0.4.8.12"
},
{
"status": "affected",
"version": "0.4.8.13"
},
{
"status": "affected",
"version": "0.4.8.14"
},
{
"status": "affected",
"version": "0.4.8.15"
},
{
"status": "affected",
"version": "0.4.8.16"
},
{
"status": "affected",
"version": "0.4.8.17"
},
{
"status": "unaffected",
"version": "0.4.8.18"
},
{
"status": "unaffected",
"version": "0.4.9.3-alpha"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wocanmei (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In Tor up to 0.4.7.16/0.4.8.17 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Komponente Onion Service Descriptor Handler. Dank der Manipulation mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Ein Upgrade auf Version 0.4.8.18 and 0.4.9.3-alpha ist in der Lage, dieses Problem zu adressieren. Die Aktualisierung der betroffenen Komponente wird empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T14:00:17.385Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-324814 | Tor Onion Service Descriptor resource consumption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.324814"
},
{
"name": "VDB-324814 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.324814"
},
{
"name": "Submit #640605 | Tor \u2264 0.4.8 Memory Management vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.640605"
},
{
"tags": [
"related"
],
"url": "https://github.com/chunmianwang/Tordos"
},
{
"tags": [
"release-notes"
],
"url": "https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes"
},
{
"tags": [
"patch"
],
"url": "https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-09-16T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2025-09-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-18T16:05:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tor Onion Service Descriptor resource consumption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4444",
"datePublished": "2025-09-18T13:58:52.524Z",
"dateReserved": "2025-05-08T17:01:45.724Z",
"dateUpdated": "2025-09-18T20:41:21.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-3
Phase: Requirements
Strategy: Language Selection
Description:
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Mitigation
Phase: Implementation
Description:
- It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free memory in a function. If you allocate memory that you intend to free upon completion of the function, you must be sure to free the memory at all exit points for that function including error conditions.
Mitigation
Phase: Implementation
Description:
- Memory should be allocated/freed using matching functions such as malloc/free, new/delete, and new[]/delete[].
Mitigation
Phase: Implementation
Description:
- When releasing a complex object or structure, ensure that you properly dispose of all of its member components, not just the object itself.
CAPEC-125: Flooding
An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
CAPEC-130: Excessive Allocation
An adversary causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request.
CAPEC-131: Resource Leak Exposure
An adversary utilizes a resource leak on the target to deplete the quantity of the resource available to service legitimate requests.
CAPEC-494: TCP Fragmentation
An adversary may execute a TCP Fragmentation attack against a target with the intention of avoiding filtering rules of network controls, by attempting to fragment the TCP packet such that the headers flag field is pushed into the second fragment which typically is not filtered.
CAPEC-495: UDP Fragmentation
An attacker may execute a UDP Fragmentation attack against a target server in an attempt to consume resources such as bandwidth and CPU. IP fragmentation occurs when an IP datagram is larger than the MTU of the route the datagram has to traverse. Typically the attacker will use large UDP packets over 1500 bytes of data which forces fragmentation as ethernet MTU is 1500 bytes. This attack is a variation on a typical UDP flood but it enables more network bandwidth to be consumed with fewer packets. Additionally it has the potential to consume server CPU resources and fill memory buffers associated with the processing and reassembling of fragmented packets.
CAPEC-496: ICMP Fragmentation
An attacker may execute a ICMP Fragmentation attack against a target with the intention of consuming resources or causing a crash. The attacker crafts a large number of identical fragmented IP packets containing a portion of a fragmented ICMP message. The attacker these sends these messages to a target host which causes the host to become non-responsive. Another vector may be sending a fragmented ICMP message to a target host with incorrect sizes in the header which causes the host to hang.
CAPEC-666: BlueSmacking
An adversary uses Bluetooth flooding to transfer large packets to Bluetooth enabled devices over the L2CAP protocol with the goal of creating a DoS. This attack must be carried out within close proximity to a Bluetooth enabled device.