CWE-590
10 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-590
- CVE-2020-6016 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-11-18
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the h…
- CVE-2021-39218 | MEDIUM | CVSS 6.3 | EG 6.3 | 2021-09-17
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when run…
- CVE-2021-3939 | HIGH | CVSS 7.8 | EG 7.8 | 2021-11-17
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This …
- CVE-2021-42377 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-11-15
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code exec…
- CVE-2022-31625 | HIGH | CVSS 8.1 | EG 9.8 | 2022-06-16
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized dat…
- CVE-2022-31627 | HIGH | CVSS 7.7 | EG 9.8 | 2022-07-28
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corrupt…
- CVE-2023-22291 | HIGH | CVSS 7.0 | EG 7.8 | 2023-04-05
An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provid…
- CVE-2023-25565 | HIGH | CVSS 7.5 | EG 7.5 | 2023-02-14
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assume…
- CVE-2023-31973 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-05-09
yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
- CVE-2023-42459 | HIGH | CVSS 8.6 | EG 8.6 | 2023-10-16
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This c…