Primary

Context

spdlog Resource Consumption Vulnerability in Pattern Formatter

Vulnerability

A resource consumption vulnerability has been identified in spdlog versions through 1.15.1. The issue arises in the 'scoped_padder' function within 'include/spdlog/pattern_formatter-inl.h'. This vulnerability allows for uncontrolled memory allocation, leading to a denial-of-service condition. The problem can be exploited locally with specially crafted input.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by leading to excessive memory allocation, which can exhaust available system resources.

Reproduction

The vulnerability can be reproduced by compiling spdlog with Clang and using the OSS-Fuzz 'format_fuzzer' tool. After compiling the fuzzer, it can be executed with a specific input file that triggers the vulnerability.

Remediation

Users are advised to upgrade to spdlog version 1.15.2, which addresses this vulnerability.

Added: Jun 16, 2025, 10:45 PM

Updated: Jun 16, 2025, 10:45 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

7.7

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

7.7

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

spdlog Resource Consumption Vulnerability in Pattern Formatter

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating