Vulnerability Name:

CVE-2017-13682

Assigned:2017-08-24
Published:2017-10-23
Updated:2017-11-16
Summary:In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code.
CVSS v3 Severity:5.7 Medium (CVSS v3 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.0 Medium (Temporal CVSS v3 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
4.2 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)
3.7 Low (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:2.3 Low (CVSS v2 Vector: AV:A/AC:M/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.3 Low (CCN CVSS v2 Vector: AV:A/AC:M/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-119
References:Source: BID
Type: VENDOR_ADVISORY
101497

Source: XF
Type: UNKNOWN
symantec-cve201713682-dos(134011)

Source: CONFIRM
Type: VENDOR_ADVISORY
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171009_00

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:encryption_desktop:10.3.0::~~professional~~~:*:*:*:*:*
  • OR cpe:/a:symantec:encryption_desktop:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:encryption_desktop:10.3.1::~~professional~~~:*:*:*:*:*
  • OR cpe:/a:symantec:encryption_desktop:10.3.2:-:~~professional~~~:*:*:*:*:*
  • OR cpe:/a:symantec:encryption_desktop:10.3.2:mp1:~~professional~~~:*:*:*:*:*

  • Denotes that component is vulnerable
    BACK
    symantec encryption_desktop 10.3.0
    symantec encryption_desktop 10.3.0
    symantec encryption_desktop 10.3.1
    symantec encryption_desktop 10.3.1
    symantec encryption_desktop 10.3.2 -
    symantec encryption_desktop 10.3.2 mp1