CVE-2017-17164 — Missing Release of Resource after Effective Lifetime in Technologies CO LTD Secospace Antiddos8000

CWE-772 — Missing Release of Resource after Effective Lifetime3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 60.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies CO LTD Secospace Antiddos8000 Huawei Secospace Antiddos8000 Firmware

Timeline

PublishedFeb 15

Latest updateMay 13

Description

Huawei Secospace AntiDDoS8000 V500R001C20SPC500 have a memory leak vulnerability due to memory don't be released when the system open some function. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDhuawei/secospace_antiddos8000_firmwarev500r001c20spc500

▶CVEListV5huawei_technologies_co_ltd/secospace_antiddos8000V500R001C20SPC500

🔴Vulnerability Details

GHSA

GHSA-6vqh-x4xp-mqx7: Huawei Secospace AntiDDoS8000 V500R001C20SPC500 have a memory leak vulnerability due to memory don't be released when the system open some function↗2022-05-13

▶

CVEList

CVE-2017-17164: Huawei Secospace AntiDDoS8000 V500R001C20SPC500 have a memory leak vulnerability due to memory don't be released when the system open some function↗2018-02-15

▶