CVE-2022-39002 Double free vulnerability in the storage module

There is a bug in the code of the module where it happens that accessing, for example, the length of a certain memory location with the help of a certain value, in the end of the access of the same address, with a certain type of value will lead to the freeing of the memory twice.

There is also a bug in the code of the module where it happens that accessing, for example, the length of a certain memory location with the help of a certain value, in the end of the access of the same address, with a certain type of value will lead to the freeing of the memory twice.

CVE-2023-39003

Details of the vulnerability

The bug is located in the function "malloc()" where it happens that accessing, for example, the length of a certain memory location with the help of a certain value, in the end of the access of the same address, with a certain type of value will lead to the freeing of the memory twice.
This vulnerability will lead to an exploitable heap buffer overflow. The exploitation can occur when two pointers are signed differently and then one is used as an index into an array.

Installation and prerequisites

If you get an error during the installation, there might be a problem in your system. In this case, please contact the support team.

The installation requires Python 3.5 to run: The latest version of Python 3 is 3.5.1, which can be obtained from python.org or installed on most systems by running the following command:
sudo easy_install3 -U pip sudo pip3 install --upgrade pip

Timeline

Published on: 09/16/2022 18:15:00 UTC
Last modified on: 09/21/2022 12:36:00 UTC

CVE-2023-39003

Details of the vulnerability

Installation and prerequisites

Timeline

References