Heap overflow

2018-08-3118:29:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.7%

JSON

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release (‘Heap Inspection’) vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.

CPENameOperatorVersion
bsafege4.0.0
bsafelt4.0.11
bsafege4.1.0
bsafelt4.1.6.1
application_testing_suiteeq13.3.0.1
communications_analyticseq12.1.1
communications_ip_service_activatoreq7.4.0
communications_ip_service_activatoreq7.3.0
core_rdbmseq11.2.0.4
core_rdbmseq12.2.0.1

Name	Operator	Version
bsafe	ge	4.0.0
bsafe	lt	4.0.11
bsafe	ge	4.1.0
bsafe	lt	4.1.6.1
application_testing_suite	eq	13.3.0.1
communications_analytics	eq	12.1.1
communications_ip_service_activator	eq	7.4.0
communications_ip_service_activator	eq	7.3.0
core_rdbms	eq	11.2.0.4
core_rdbms	eq	12.2.0.1