CVE Vulnerabilities

CVE-2021-40873

Double Free

Published: Nov 10, 2021 | Modified: Nov 21, 2024
CVSS 3.x: 7.5 HIGH (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x: 5 MEDIUM
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers can cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.

Weakness 

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software 

Name                        Vendor    Start Version      End Version
Datafeed_opc_suite          Softing   *                  5.18 (excluding)
Edgeconnector               Softing   *                  2.31 (including)
Opc                         Softing   *                  5.66 (excluding)
Secure_integration_server   Softing   *                  1.22 (including)
Th_scope                    Softing   3.5 (including)    *
Uagates                     Softing   *                  1.73 (excluding)
Uatoolkit_embedded          Softing   *                  1.40 (excluding)
