Memory Leak Vulnerability in Baidu Braft Version 1.1.2
CVE-2023-30637

7.5HIGH

Key Information:

Vendor: Baidu
Status: Braft
Vendor: CVE Published:; 13 April 2023

What is CVE-2023-30637?

Baidu Braft version 1.1.2 is affected by a memory leak due to improper handling of the new operator in the atomic server implementation. This flaw can lead to excessive memory consumption over time, potentially resulting in degraded performance or system instability. Users should note that installations with brpc version 0.14.0 and later are not impacted by this issue. It is highly recommended for users of Braft 1.1.2 to consider upgrading to mitigate this risk. For more details, please refer to the issue discussed on the official GitHub repository.

References

https://github.com/baidu/braft/issues/393

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2023
Vulnerability Reserved
Apr 13, 2023