CVE-2001-0543 — Missing Release of Memory after Effective Lifetime in Microsoft Windows NT

CWE-401 — Missing Release of Memory after Effective Lifetime3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

8.6%

top 7.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server Microsoft Windows NT

Timeline

PublishedSep 20

Latest updateApr 30

Description

Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/windows_nt4.0

▶NVDmicrosoft/exchange_server2000

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-3hq4-xvv4-32rv: Memory leak in NNTP service in Windows NT 4↗2022-04-30

▶

CVEList

CVE-2001-0543: Memory leak in NNTP service in Windows NT 4↗2002-03-09

▶