Double Free

CVE-2017-15364

Medium

5.5/10

Summary

The foreach function in ext/ccsv.c in Ccsv allows remote attackers to cause a Denial of Service (double free and application crash) or possibly have unspecified other impact via a crafted file affecting versions prior to 1.1.0.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-415 - Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References

Advisory
Pull request
Issue

Advisory Timeline

Published Oct 15, 2017

Double Free

CVE-2017-15364

Summary

CWE-415 - Double Free

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS