CVE-2006-0121Missing Release of Memory after Effective Lifetime in IBM Lotus Domino

3 documents3 sources
Severity
7.8HIGHNVD
EPSS
1.1%
top 22.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Lotus DominoIBM Lotus Domino Enterprise ServerIBM Lotus Notes
Timeline
PublishedJan 9
Latest updateMay 1

Description

Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

NVDibm/lotus_notes5 versions+4
NVDibm/lotus_domino5 versions+4

Patches

Patch: secunia.comPatch: www.securityfocus.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-534x-f3w4-g6x6: Multiple memory leaks in IBM Lotus Notes and Domino Server before 62022-05-01
CVEList
CVE-2006-0121: Multiple memory leaks in IBM Lotus Notes and Domino Server before 62006-01-09
CVE-2006-0121 — IBM Lotus Domino vulnerability | cvebase