Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-34480

Опубликовано: 28 июн. 2022
Источник: redhat
CVSS3: 7
EPSS Низкий

Описание

Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.

The Mozilla Foundation Security Advisory: Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer is freed despite never being allocated.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. This vulnerability affects non Extended Support Release (ESR) versions of Firefox. Red Hat Enterprise Linux only ships Firefox ESR and therefore, it is not affected by this CVE.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxNot affected
Red Hat Enterprise Linux 10firefox-flatpak-containerNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 9firefoxNot affected
Red Hat Enterprise Linux 9firefox-flatpak-containerNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-824
https://bugzilla.redhat.com/show_bug.cgi?id=2359028firefox: Free of uninitialized pointer in lg_init

EPSS

Процентиль: 54%
0.00312
Низкий

7 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-34480

CVSS3: 8.8
ubuntu
почти 3 года назад

Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.

nvd логотип

CVE-2022-34480

CVSS3: 8.8
nvd
почти 3 года назад

Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.

debian логотип

CVE-2022-34480

CVSS3: 8.8
debian
почти 3 года назад

Within the <code>lg_init()</code> function, if several allocations suc ...

github логотип

GHSA-gx64-jm35-rwvr

CVSS3: 8.8
github
почти 3 года назад

Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.

suse-cvrf логотип

SUSE-SU-2022:3273-1

suse-cvrf
около 3 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 54%
0.00312
Низкий

7 High

CVSS3