CVE-2014-2537 — Missing Release of Memory after Effective Lifetime in Sophos Unified Threat Management Software

CWE-3993 documents3 sources

Severity

7.8HIGHNVD

EPSS

1.7%

top 17.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sophos Unified Threat Management Software Sophos Unified Threat Management

Timeline

PublishedMar 18

Latest updateMay 17

Description

Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDsophos/unified_threat_management_software9.108+3

▶NVDsophos/unified_threat_management7 versions+6

Patches

Patch: blogs.sophos.com ↗Patch: blogs.sophos.com ↗

🔴Vulnerability Details

GHSA

GHSA-vvm2-f57h-2f5r: Memory leak in the TCP stack in the kernel in Sophos UTM before 9↗2022-05-17

▶

CVEList

CVE-2014-2537: Memory leak in the TCP stack in the kernel in Sophos UTM before 9↗2014-03-18

▶