CVE-2007-4158 — Missing Release of Memory after Effective Lifetime in Rendezvous

3 documents3 sources

Severity

7.8HIGHNVD

CNA7.5

EPSS

2.7%

top 14.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Rendezvous

Timeline

PublishedAug 3

Latest updateMay 1

Description

Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDtibco/rendezvous7.5.2, 7.5.3, 7.5.4+2

🔴Vulnerability Details

GHSA

GHSA-x2mf-686w-vjjw: Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7↗2022-05-01

▶

CVEList

CVE-2007-4158: Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7↗2007-08-03

▶