#VU71094 Memory leak in sdl2 - CVE-2022-4743

Cybersecurity Help s.r.o.

Published: 2023-01-11

Vulnerability identifier: #VU71094

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-4743

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
sdl2
Other software / Other software solutions

Vendor: zlib license

Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the GLES_CreateTexture() function in render/opengles/SDL_render_gles.c. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

sdl2: 2.0.0 - 2.24.2

External links
https://www.suse.com/support/update/announcement/2023/suse-su-20230069-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for libsdl2

Multiple vulnerabilities in Oracle Solaris third-party software

openEuler update for SDL2

SUSE update for SDL2

Memory leak in SDL2