CVE-2017-7295: Use After Free
First published: Sun May 28 2017(Updated: )
An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing function. This resulted in a board crash, which can be used to perform denial of service.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Contiki OS | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-7295?
CVE-2017-7295 has a medium severity rating due to the potential for a NULL pointer dereference.
How do I fix CVE-2017-7295?
To fix CVE-2017-7295, update to a patched version of Contiki Operating System beyond 3.0 that addresses the use-after-free vulnerability.
What components are affected by CVE-2017-7295?
CVE-2017-7295 specifically affects the httpd-simple.c module in the Contiki Operating System 3.0.
What kind of vulnerability is CVE-2017-7295?
CVE-2017-7295 is a use-after-free vulnerability that can lead to unintended behavior in software.
What operational impact can CVE-2017-7295 cause?
CVE-2017-7295 can cause application crashes or unexpected behavior due to improper handling of the http_state structure.
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/contiki-os
- canonical/contiki os
- version/contiki os/3.0