Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:33224
HistoryDec 10, 2021 - 7:25 a.m.

Use After Free

2021-12-1007:25:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
25
libsepol vulnerability classpermission software

EPSS

0.001

Percentile

40.6%

libsepol is vulnerable to use after free. The vulnerability exists due to a lack of setting the set field of cil_reset_classpermission to NULL instead of resetting the classpermission when freeing the pointer.

Affected configurations

Vulners
Node
-libsepolMatch2.9_1.el8
OR
-libsepolMatch2.8_2.el8
OR
-libsepolMatch2.9_2.el8
OR
-libsepolMatch2.9_1.el8
OR
-libsepolMatch2.8_2.el8
OR
-libsepolMatch2.9_2.el8
VendorProductVersionCPE
-libsepol2.9_1.el8cpe:2.3:a:-:libsepol:2.9_1.el8:*:*:*:*:*:*:*
-libsepol2.8_2.el8cpe:2.3:a:-:libsepol:2.8_2.el8:*:*:*:*:*:*:*
-libsepol2.9_2.el8cpe:2.3:a:-:libsepol:2.9_2.el8:*:*:*:*:*:*:*