CVE-2021-42218: 
Linux Debian vulnerability analysis and mitigation

OMPL (Open Motion Planning Library) version 1.5.2 contains a memory leak vulnerability in the VFRRT.cpp file. The vulnerability was discovered on October 7, 2021, and was assigned the identifier CVE-2021-42218. This security issue affects the motion planning functionality within the library (NVD, CVE).

The vulnerability is classified as CWE-401 (Missing Release of Memory after Effective Lifetime). The issue occurs in VFRRT.cpp where a motion object is created with a constructor that allocates a new state, but subsequently, the state in motion is reassigned, causing the originally allocated space to become unreferenced and resulting in a memory leak. The vulnerability has received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

The memory leak vulnerability primarily affects the availability of the system. When exploited, it can lead to gradual memory consumption, potentially causing system performance degradation or instability over time. The CVSS scoring indicates high impact on availability while having no direct impact on confidentiality or integrity (NVD).

The recommended mitigation is to use the default constructor instead of the current implementation in VFRRT.cpp line 169. A fix has been proposed through the GitHub issue tracking system to address the memory leak (GitHub Issue).