CVE-2019-14559: Missing Release of Memory after Effective Lifetime in Edk2

Severity: 7.5 HIGH (NVD)
EPSS: 0.7% (top 28.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 23
Latest update: May 24

Description

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

Debian: tianocore/edk2 < 0~20200229.4c0f6e34-1+3

🔴 Vulnerability Details (3)

GHSA: GHSA-5cmc-7w2j-jpj5: Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access (2022-05-24)
OSV: CVE-2019-14559: Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access (2020-11-23)
CVEList: CVE-2019-14559: Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access (2020-11-23)

📋 Vendor Advisories (3)

Ubuntu: EDK II vulnerabilities (2020-04-30)
Red Hat: edk2: memory leak in ArpOnFrameRcvdDpc (2020-02-05)
Debian: CVE-2019-14559: edk2 - Uncontrolled resource consumption in EDK II may allow an unauthenticated user to... (2019)

💬 Community (3)

Bugzilla: CVE-2019-14559 edk2: memory leak in ArpOnFrameRcvdDpc [epel-all] (2020-02-10)
Bugzilla: CVE-2019-14559 edk2: memory leak in ArpOnFrameRcvdDpc [fedora-all] (2020-02-10)
Bugzilla: CVE-2019-14559 edk2: memory leak in ArpOnFrameRcvdDpc (2019-10-04)