How severe is CVE-2024-4435?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-4435?

This is classified as CWE-401, which is a common weakness in software security.

CVE-2024-4435

MEDIUM Year: 2024

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-401

View all →

Vulnerability Description

When storing unbounded types in a BTreeMap, a node is represented as a linked list of "memory chunks". It was discovered recently that when we deallocate a node, in some cases only the first memory chunk is deallocated, and the rest of the memory chunks remain (incorrectly) allocated, causing a memory leak. In the worst case, depending on how a canister uses the BTreeMap, an adversary could interact with the canister through its API and trigger interactions with the map that keep consuming memory due to the memory leak. This could potentially lead to using an excessive amount of memory, or even running out of memory. This issue has been fixed in #212 https://github.com/dfinity/stable-structures/pull/212 by changing the logic for deallocating nodes to ensure that all of a node's memory chunks are deallocated and users are asked to upgrade to version 0.6.4.. Tests have been added to prevent regressions of this nature moving forward. Note: Users of stable-structure < 0.6.0 are not affected. Users who are not storing unbounded types in BTreeMap are not affected and do not need to upgrade. Otherwise, an upgrade to version 0.6.4 is necessary.

CVE-2017-15094

MEDIUM

CVSS:5.9(Medium)

An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are o...

CWE-4012017

CVE-2019-19076

MEDIUM

CVSS:5.9(Medium)

A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consump...

CWE-4012019

CVE-2019-19080

MEDIUM

CVSS:5.9(Medium)

Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory...

CWE-4012019

CVE-2019-19081

MEDIUM

CVSS:5.9(Medium)

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory c...

CWE-4012019

CVE-2019-5023

MEDIUM

CVSS:5.9(Medium)

An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4...

CWE-4012019

CVE-2019-6608

MEDIUM

CVSS:5.9(Medium)

On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized S...

CWE-4012019

CVE-2024-4435

Vulnerability Description

Related Vulnerabilities

CVE-2017-15094

CVE-2019-19076

CVE-2019-19080

CVE-2019-19081

CVE-2019-5023

CVE-2019-6608