CWE-460
AllowedImproper Cleanup on Thrown Exception
Abstraction: Base · Status: Draft
The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.
40 vulnerabilities reference this CWE, most recent first.
GHSA-359J-4P99-7W98
Vulnerability from github – Published: 2024-01-15 18:30 – Updated: 2024-01-15 18:30Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage.
{
"affected": [],
"aliases": [
"CVE-2024-0316"
],
"database_specific": {
"cwe_ids": [
"CWE-460"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-15T16:15:13Z",
"severity": "MODERATE"
},
"details": "Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage.",
"id": "GHSA-359j-4p99-7w98",
"modified": "2024-01-15T18:30:18Z",
"published": "2024-01-15T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0316"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3P2H-WQQ4-WF4H
Vulnerability from github – Published: 2025-04-28 21:30 – Updated: 2025-11-03 22:55Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.
This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100.
Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.102"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-coyote"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.76"
},
{
"fixed": "9.0.104"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-coyote"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.10"
},
{
"fixed": "10.1.40"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-coyote"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M2"
},
{
"fixed": "11.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.102"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.76"
},
{
"fixed": "9.0.104"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.10"
},
{
"fixed": "10.1.40"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M2"
},
{
"fixed": "11.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-coyote"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-31650"
],
"database_specific": {
"cwe_ids": [
"CWE-459",
"CWE-460"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-29T14:59:22Z",
"nvd_published_at": "2025-04-28T20:15:20Z",
"severity": "MODERATE"
},
"details": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100.\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.",
"id": "GHSA-3p2h-wqq4-wf4h",
"modified": "2025-11-03T22:55:48Z",
"published": "2025-04-28T21:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31650"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/1eef1dc459c45f1e421d8bd25ef340fc1cc34edc"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/40ae788c2e64d018b4e58cd4210bb96434d0100d"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/75554da2fc5574862510ae6f0d7b3d78937f1d40"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/8cc3b8fb3f2d8d4d6a757e014f19d1fafa948a60"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/b7674782679e1514a0d154166b1d04d38aaac4a9"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/b98e74f517b36929f4208506e5adad22cb767baa"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/cba1a0fe1289ee7f5dd46c61c38d1e1ac5437bff"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/ded0285b96b4d3f5560dfc8856ad5ec4a9b50ba9"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/f619e6a05029538886d5a9d987925d573b5bb8c2"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-10.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-11.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-9.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/04/28/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Apache Tomcat Denial of Service via invalid HTTP priority header"
}
GHSA-472W-7W45-G3W5
Vulnerability from github – Published: 2025-04-14 17:49 – Updated: 2025-07-21 16:49Impact
Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In affected versions, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table.
Even during normal usage, every track change and playback event would leave behind zombie processes. This leads to inevitable resource exhaustion over time as the system's process table fills up, eventually preventing new processes from being created. The issue is exacerbated if events occur rapidly, whether through normal use (e.g., skipping through a playlist) or potential manipulation of the Deezer Connect protocol traffic.
This vulnerability affects all users who have configured hook scripts using the --hook option.
Patches
This issue has been fixed in version 0.16.0. Users should upgrade to this version, which properly manages child processes using asynchronous process handling and cleanup.
Workarounds
Users who cannot upgrade immediately can:
- Disable hook scripts by removing the --hook option
- Ensure hook scripts handle their own child process cleanup
- Regularly restart pleezer to clear accumulated zombie processes
References
- Initial report: https://github.com/roderickvd/pleezer/discussions/83#discussioncomment-12818199
- Fix commit: 436a5f1e4c08989b58dbba2b0ffa423458016c2d
- Fixed release: https://github.com/roderickvd/pleezer/releases/tag/v0.16.0
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "pleezer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.16.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-32439"
],
"database_specific": {
"cwe_ids": [
"CWE-460",
"CWE-772"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-14T17:49:15Z",
"nvd_published_at": "2025-04-15T20:15:39Z",
"severity": "MODERATE"
},
"details": "### Impact\nHook scripts in pleezer can be triggered by various events like track changes and playback state changes. In affected versions, these scripts were spawned without proper process cleanup, leaving zombie processes in the system\u0027s process table.\n\nEven during normal usage, every track change and playback event would leave behind zombie processes. This leads to inevitable resource exhaustion over time as the system\u0027s process table fills up, eventually preventing new processes from being created. The issue is exacerbated if events occur rapidly, whether through normal use (e.g., skipping through a playlist) or potential manipulation of the Deezer Connect protocol traffic.\n\nThis vulnerability affects all users who have configured hook scripts using the `--hook` option.\n\n### Patches\nThis issue has been fixed in version 0.16.0. Users should upgrade to this version, which properly manages child processes using asynchronous process handling and cleanup.\n\n### Workarounds\nUsers who cannot upgrade immediately can:\n- Disable hook scripts by removing the `--hook` option\n- Ensure hook scripts handle their own child process cleanup\n- Regularly restart pleezer to clear accumulated zombie processes\n\n### References\n- Initial report: https://github.com/roderickvd/pleezer/discussions/83#discussioncomment-12818199\n- Fix commit: 436a5f1e4c08989b58dbba2b0ffa423458016c2d\n- Fixed release: https://github.com/roderickvd/pleezer/releases/tag/v0.16.0",
"id": "GHSA-472w-7w45-g3w5",
"modified": "2025-07-21T16:49:50Z",
"published": "2025-04-14T17:49:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/roderickvd/pleezer/security/advisories/GHSA-472w-7w45-g3w5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32439"
},
{
"type": "WEB",
"url": "https://github.com/roderickvd/pleezer/commit/436a5f1e4c08989b58dbba2b0ffa423458016c2d"
},
{
"type": "PACKAGE",
"url": "https://github.com/roderickvd/pleezer"
},
{
"type": "WEB",
"url": "https://github.com/roderickvd/pleezer/discussions/83#discussioncomment-12818199"
},
{
"type": "WEB",
"url": "https://github.com/roderickvd/pleezer/releases/tag/v0.16.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Pleezer resource exhaustion through uncollected hook script processes"
}
GHSA-55H4-826F-9GPQ
Vulnerability from github – Published: 2024-03-27 18:32 – Updated: 2024-03-27 18:32A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device.
This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition.
{
"affected": [],
"aliases": [
"CVE-2024-20354"
],
"database_specific": {
"cwe_ids": [
"CWE-460"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-27T17:15:53Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device.\n\n This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition.",
"id": "GHSA-55h4-826f-9gpq",
"modified": "2024-03-27T18:32:38Z",
"published": "2024-03-27T18:32:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20354"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-ap-dos-PPPtcVW"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-566X-HHRF-QF8M
Vulnerability from github – Published: 2021-08-25 20:50 – Updated: 2023-06-13 19:51After using an assignment operators such as NotNan::add_assign, NotNan::mul_assign, etc., it was possible for the resulting NotNan value to contain a NaN. This could cause undefined behavior in safe code, because the safe NotNan::cmp method contains internal unsafe code that assumes the value is never NaN. (It could also cause undefined behavior in third-party unsafe code that makes the same assumption, as well as logic errors in safe code.)
This was mitigated starting in version 0.4.0, by panicking if the assigned value is NaN. However, in affected versions from 0.4.0 onward, code that uses the NotNan value during unwinding, or that continues after catching the panic, could still observe the invalid value and trigger undefined behavior.
The flaw is fully corrected in versions 1.1.1 and 2.0.1, by ensuring that the assignment operators panic without modifying the operand, if the result would be NaN.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "ordered-float"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.0"
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "ordered-float"
},
"ranges": [
{
"events": [
{
"introduced": "0.2.2"
},
{
"fixed": "1.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35923"
],
"database_specific": {
"cwe_ids": [
"CWE-460"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T18:54:34Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "After using an assignment operators such as NotNan::add_assign, NotNan::mul_assign, etc., it was possible for the resulting NotNan value to contain a NaN. This could cause undefined behavior in safe code, because the safe NotNan::cmp method contains internal unsafe code that assumes the value is never NaN. (It could also cause undefined behavior in third-party unsafe code that makes the same assumption, as well as logic errors in safe code.)\n\nThis was mitigated starting in version 0.4.0, by panicking if the assigned value is NaN. However, in affected versions from 0.4.0 onward, code that uses the NotNan value during unwinding, or that continues after catching the panic, could still observe the invalid value and trigger undefined behavior.\n\nThe flaw is fully corrected in versions 1.1.1 and 2.0.1, by ensuring that the assignment operators panic without modifying the operand, if the result would be NaN.",
"id": "GHSA-566x-hhrf-qf8m",
"modified": "2023-06-13T19:51:43Z",
"published": "2021-08-25T20:50:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35923"
},
{
"type": "WEB",
"url": "https://github.com/reem/rust-ordered-float/pull/71"
},
{
"type": "WEB",
"url": "https://github.com/reem/rust-ordered-float/commit/c55cda301c943270b7eb2b4765bedbcce56edb90"
},
{
"type": "WEB",
"url": "https://github.com/reem/rust-ordered-float/commit/da4a8dd49300740a434c095a9c4b408d2415cc08"
},
{
"type": "PACKAGE",
"url": "https://github.com/reem/rust-ordered-float"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0082.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "ordered_float:NotNan may contain NaN after panic in assignment operators"
}
GHSA-5R2R-5WX4-7X33
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2025-02-14 18:30A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
{
"affected": [],
"aliases": [
"CVE-2022-4744"
],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-460"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-30T21:15:00Z",
"severity": "HIGH"
},
"details": "A double-free flaw was found in the Linux kernel\u2019s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"id": "GHSA-5r2r-5wx4-7x33",
"modified": "2025-02-14T18:30:39Z",
"published": "2023-07-06T19:24:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4744"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230526-0009"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7HWV-GXWQ-2G5P
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2024-04-04 02:40A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.
{
"affected": [],
"aliases": [
"CVE-2019-14891"
],
"database_specific": {
"cwe_ids": [
"CWE-460",
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-25T11:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.",
"id": "GHSA-7hwv-gxwq-2g5p",
"modified": "2024-04-04T02:40:30Z",
"published": "2022-05-24T17:01:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14891"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14891"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9GWJ-43RX-HRVQ
Vulnerability from github – Published: 2023-10-27 15:30 – Updated: 2023-11-07 21:30gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet.
{
"affected": [],
"aliases": [
"CVE-2023-46393"
],
"database_specific": {
"cwe_ids": [
"CWE-460"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-27T14:15:08Z",
"severity": "HIGH"
},
"details": "gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users\u0027 passwords via a crafted packet.",
"id": "GHSA-9gwj-43rx-hrvq",
"modified": "2023-11-07T21:30:23Z",
"published": "2023-10-27T15:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46393"
},
{
"type": "WEB",
"url": "https://gitee.com/gouguopen/gougucms/issues/I88TKH"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C4WJ-P3M6-6483
Vulnerability from github – Published: 2026-03-06 21:30 – Updated: 2026-03-09 18:31GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-69652"
],
"database_specific": {
"cwe_ids": [
"CWE-460"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-06T19:16:10Z",
"severity": "MODERATE"
},
"details": "GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.",
"id": "GHSA-c4wj-p3m6-6483",
"modified": "2026-03-09T18:31:40Z",
"published": "2026-03-06T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69652"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33701"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CF3Q-GQG7-3FM9
Vulnerability from github – Published: 2025-03-21 15:23 – Updated: 2025-03-21 15:43Summary
Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the fail of a websocket handshake will trigger a local reply leading to the crash of Envoy.
PoC
If both websocket and ext_proc are enabled, a failed handshake will trigger a local reply, thus ext_proc will crash.
Mitigation
- Disable websocket traffic
- Change the websocket response from backend to always return
101 Switch protocolbased on RFC. - Apply the patch and the ext_proc filter will not send the local reply that is generated by Envoy to the ext_proc server for processing.
- Apply the patch that the router will cancel the upstream requests when sending a local reply.
Impact
Denial of service
Reporter
Vasilios Syrakis Fernando Cainelli
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/envoyproxy/envoy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.30.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/envoyproxy/envoy"
},
"ranges": [
{
"events": [
{
"introduced": "1.31.0"
},
{
"fixed": "1.31.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/envoyproxy/envoy"
},
"ranges": [
{
"events": [
{
"introduced": "1.32.0"
},
{
"fixed": "1.32.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/envoyproxy/envoy"
},
"ranges": [
{
"events": [
{
"introduced": "1.33.0"
},
{
"fixed": "1.33.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-30157"
],
"database_specific": {
"cwe_ids": [
"CWE-460"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T15:23:50Z",
"nvd_published_at": "2025-03-21T15:15:43Z",
"severity": "MODERATE"
},
"details": "### Summary\nEnvoy\u0027s ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter\u0027s life time issue. A known situation is the fail of a websocket handshake will trigger a local reply leading to the crash of Envoy.\n\n### PoC\nIf both websocket and ext_proc are enabled, a failed handshake will trigger a local reply, thus ext_proc will crash.\n\n### Mitigation\n1. Disable websocket traffic\n2. Change the websocket response from backend to always return `101 Switch protocol` based on RFC.\n3. Apply the patch and the ext_proc filter will not send the local reply that is generated by Envoy to the ext_proc server for processing.\n4. Apply the patch that the router will cancel the upstream requests when sending a local reply.\n\n### Impact\nDenial of service\n\n### Reporter\nVasilios Syrakis\nFernando Cainelli",
"id": "GHSA-cf3q-gqg7-3fm9",
"modified": "2025-03-21T15:43:00Z",
"published": "2025-03-21T15:23:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cf3q-gqg7-3fm9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30157"
},
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/commit/8eda1b8ef5ba8663d16a737ab99458c039a9b53c"
},
{
"type": "PACKAGE",
"url": "https://github.com/envoyproxy/envoy"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Envoy crashes when HTTP ext_proc processes local replies"
}
Mitigation
If one breaks from a loop or function by throwing an exception, make sure that cleanup happens or that you should exit the program. Use throwing exceptions sparsely.
No CAPEC attack patterns related to this CWE.