PT-2021-22434 · Unknown · Detect-Character-Encoding

Sonicdoe

Published

2021-08-31

Updated

2021-09-08

CVE-2021-39176

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions detect-character-encoding versions 0.3.0 and earlier

Description The issue is related to allocated memory not being released in detect-character-encoding versions 0.3.0 and earlier. This can cause a program using the library to become unavailable when running out of memory, especially if the program is accessible over the internet. The severity of the issue may vary depending on the specific implementation.

Recommendations For detect-character-encoding versions 0.3.0 and earlier, update to version 0.3.1 to resolve the issue. As a temporary workaround, consider restricting the use of the detect-character-encoding library in memory-intensive operations until the update is applied.

Exploit

Fix

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

CVE-2021-39176

GHSA-5RWJ-J5M3-3CHJ

Affected Products

Detect-Character-Encoding

PT-2021-22434 · Unknown · Detect-Character-Encoding

CVE-2021-39176

Weakness Enumeration

Related Identifiers

Affected Products

References · 10