Release of Invalid Pointer or Reference

CVE-2022-37451

High

7.5/10

Summary

Exim before 4.96-RC0 has an Invalid Free in "pam_converse" in "auths/call_pam.c" because "store_free" is not used after "store_malloc". NOTE: The affected package is not available in a package manager we support.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-763 - Release of Invalid Pointer or Reference

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

References

Advisory

Advisory Timeline

Published Aug 06, 2022

Release of Invalid Pointer or Reference

CVE-2022-37451

Summary

CWE-763 - Release of Invalid Pointer or Reference

References

Advisory Timeline

ChainAlert

JetBrains IDE

Wireshark