Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:Missing Release of Resource after Effective Lifetime
Created by: armorcodegithubpreprod[bot]
Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:Missing Release of Resource after Effective Lifetime
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><2.24-11+deb9u4
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream glibc
package.
See How to fix?
for Debian:9
relevant versions.
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><1.3.2-2+deb9u1
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream flac
package.
See How to fix?
for Debian:9
relevant versions.
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active