Vulnerabilities > CVE-2017-1000172 - Use After Free vulnerability in Creolabs Gravity 1.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

creolabs

CWE-416

critical

NVD

Published: 2017-11-17

Updated: 2017-11-30

Summary

Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access a variable but 'lexer' has already been freed, creating a Heap Use-After-Free condition.

Vulnerable Configurations

Part	Description	Count
Application	Creolabs Creolabs Gravity 1.0	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://github.com/marcobambini/gravity/issues/144