Lucene search

GoogleOSV:CVE-2023-30637

HistoryApr 13, 2023 - 11:15 p.m.

CVE-2023-30637

2023-04-1323:15:11

Google

osv.dev

baidu braft

memory leak

cve-2023-30637

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

33.7%

JSON

Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected.

CPENameOperatorVersion
brafteq1.0.0
brafteq1.1.1
brafteq1.0.2
brafteq1.1.2
brafteq1.1.0

Name	Operator	Version
braft	eq	1.0.0
braft	eq	1.1.1
braft	eq	1.0.2
braft	eq	1.1.2
braft	eq	1.1.0

References

github.com/baidu/braft/issues/393

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

33.7%

JSON

Related for OSV:CVE-2023-30637