CVE-2017-9988

Name of the Vulnerable Software and Affected Versions libming version 0.4.8

Description The issue is related to the readEncUInt30 function in util/read.c, which mishandles memory allocation. A crafted input can lead to a remote denial of service attack, resulting in a NULL pointer dereference against parser.c.

Recommendations For libming version 0.4.8, consider applying a patch or fix that correctly handles memory allocation in the readEncUInt30 function to prevent the NULL pointer dereference. As a temporary workaround, restrict the use of the readEncUInt30 function until a patch is available.