PT-2021-11126 · Fastream · Fstream

Fitzb

Published

2021-02-16

Updated

2022-05-24

CVE-2020-25340

CVSS v4.0

6.8

Medium

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: NFStream version 5.2.0

Description: An issue in NFStream causes a memory leak due to allocated modules not being correctly freed. This occurs when the nfstream object is directly destroyed without being used after creation, potentially resulting in a local denial of service (DoS).

Recommendations: For NFStream version 5.2.0, ensure the nfstream object is used after creation before destroying it to prevent the memory leak. As a temporary workaround, consider implementing proper memory management for allocated modules to minimize the risk of exploitation.

Exploit

Fix

Memory Leak

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-770

Related Identifiers

CVE-2020-25340

GHSA-WHMQ-CFM5-J8MJ

PYSEC-2021-68

Affected Products

Fstream

PT-2021-11126 · Fastream · Fstream

CVE-2020-25340

Weakness Enumeration

Related Identifiers

Affected Products

References · 11