Severity by source
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329.
AnalysisAI
A Use After Free (UAF) vulnerability exists in No-Chicken Echo-Mate prior to version V250329, allowing an attacker with high privileges to cause memory corruption that may lead to information disclosure, data integrity violations, or denial of service. The vulnerability is classified as CWE-416 and carries a CVSS score of 6.4; a security patch is available from the vendor via GitHub pull request.
Technical ContextAI
The vulnerability is rooted in CWE-416 (Use After Free), a classic memory safety issue where the application references memory that has already been freed or deallocated. In Echo-Mate (identified via CPE cpe:2.3:a:no-chicken:echo-mate:*:*:*:*:*:*:*:*), improper memory lifecycle management allows attackers to access or manipulate freed memory regions. This typically occurs in applications written in memory-unsafe languages (C/C++) or in language runtimes with manual memory management. The consequence is potential corruption of in-flight data structures, leading to cascading failures in confidentiality, integrity, and availability.
RemediationAI
Upgrade No-Chicken Echo-Mate to version V250329 or later. Review and merge the vendor patch available at https://github.com/No-Chicken/Echo-Mate/pull/5 into your deployment. Until patching is completed, restrict high-privilege account access to Echo-Mate to only trusted users and administrators, enforce principle of least privilege for service accounts running Echo-Mate, and monitor process memory and system logs for signs of memory corruption or unexpected crashes. Consider isolating Echo-Mate instances in sandboxed or containerized environments to limit lateral movement if exploitation occurs.
A Use After Free vulnerability exists in the No-Chicken Echo-Mate SDK, specifically within the kernel memory management
Improper handling of values in the netfilter modules of Echo-Mate SDK versions before V250329 allows local attackers wit
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14770
GHSA-g2m8-xr2q-wqp9