Ulrik Petersen Emrdos Database Engine up to 1.2.0.x memory leak
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.8 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Ulrik Petersen Emrdos Database Engine up to 1.2.0.x. It has been rated as problematic. Affected by this issue is some unknown functionality. Performing a manipulation results in memory leak. This vulnerability is known as CVE-2006-6395. No exploit is available. Upgrading the affected component is advised.
Details
A vulnerability classified as problematic has been found in Ulrik Petersen Emrdos Database Engine up to 1.2.0.x. This affects an unknown function. The manipulation with an unknown input leads to a memory leak vulnerability. CWE is classifying the issue as CWE-401. The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. This is going to have an impact on availability. The summary by CVE is:
Multiple memory leaks in Ulrik Petersen Emdros Database Engine before 1.2.0.pre231 allow local users to cause a denial of service (memory consumption) via unspecified vectors, a different issue than CVE-2005-0415.
The weakness was published 12/07/2006 (Website). The advisory is shared at sourceforge.net. This vulnerability is uniquely identified as CVE-2006-6395 since 12/07/2006. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available.
It is declared as proof-of-concept.
Upgrading to version 1.2.0.pre231 eliminates this vulnerability.
The vulnerability is also documented in the databases at SecurityFocus (BID 21444†) and Secunia (SA23231†). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 4.8
VulDB Base Score: 5.3
VulDB Temp Score: 4.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory leakCWE: CWE-401 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Emrdos Database Engine 1.2.0.pre231
Timeline
12/05/2006 🔍12/05/2006 🔍
12/07/2006 🔍
12/07/2006 🔍
12/07/2006 🔍
03/12/2015 🔍
09/26/2017 🔍
Sources
Advisory: sourceforge.netStatus: Not defined
Confirmation: 🔍
CVE: CVE-2006-6395 (🔍)
GCVE (CVE): GCVE-0-2006-6395
GCVE (VulDB): GCVE-100-33705
SecurityFocus: 21444 - Emdros Database Engine Multiple Local Denial of Service Vulnerabilities
Secunia: 23231 - Emdros Local Denial of Service Vulnerabilities, Not Critical
Vupen: ADV-2006-4859
Entry
Created: 03/12/2015 22:21Updated: 09/26/2017 10:47
Changes: 03/12/2015 22:21 (50), 09/26/2017 10:47 (7)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.