Memory Leak Vulnerability in Symantec Endpoint Encryption Software
CVE-2017-13683

5.7MEDIUM

Key Information:

Vendor: Symantec Corporation
Status: Symantec Endpoint Encryption
Vendor: CVE Published:; 23 October 2017

Summary

A kernel memory leak was identified in Symantec Endpoint Encryption, specifically prior to version 11.1.3HF3. This vulnerability arises when the software fails to properly manage memory allocations. As a result, memory that is no longer in use is not released back to the system. This can lead to decreased performance, slower system responsiveness, and can potentially allow for enhanced attacks as memory becomes scarce.

Affected Version(s)

Symantec Endpoint Encryption prior to SEE 11.1.3HF3

References

https://www.symantec.com/security_response/securityupdate...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101498

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 23, 2017
Vulnerability Reserved
Aug 24, 2017