CWE-401 (Improper Release of Memory Before Removing Last Reference (Memory Leak)) — Vulnerability Class 215

215 vulnerabilities classified as CWE-401 (Improper Release of Memory Before Removing Last Reference (Memory Leak)). AI Chinese analysis included.

CWE-401 represents a memory management weakness where software fails to release allocated memory after its effective lifetime, leading to resource exhaustion. This defect typically manifests as a denial-of-service condition rather than direct code execution, as the continuous accumulation of unreleased memory gradually depletes system resources. Attackers exploit this by triggering repeated allocations, causing the application or host to crash when memory limits are reached. Developers prevent this by implementing rigorous memory lifecycle management, ensuring every allocation has a corresponding deallocation call. Utilizing automated static analysis tools helps identify leaks during development, while adopting garbage-collected languages or smart pointers in C++ can significantly reduce the risk. Regular memory profiling during testing further ensures that allocated resources are properly returned to the system, maintaining application stability and preventing resource starvation.

MITRE CWE Description
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Common Consequences (2)
Availability: DoS: Crash, Exit, or Restart; DoS: Instability; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)
Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a l…
Other: Reduce Performance
Mitigations (3)
Implementation: Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer…
Architecture and Design: Use an abstraction library to abstract away risky APIs. Not a complete solution.
Architecture and Design, Build and Compilation: Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
Effectiveness: Moderate
Examples (1)
The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:
Bad · C

    char* getBlock(int fd) {
        char* buf = (char*) malloc(BLOCK_SIZE);
        if (!buf) {
            return NULL;
        }
        if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
            return NULL;
        }
        return buf;
    }
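The leak in getBlock() next to a corrected version, as an added example that is not part of the MITRE entry or this page. The BLOCK_SIZE value, the allocation counter (t_malloc, t_free, live_blocks) and the leaked_blocks() helper are assumptions introduced to make the leak measurable; the corrected function also goes one step further than the original by retrying short and interrupted reads before giving up.

```c
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>

#define BLOCK_SIZE 512          /* assumed; the page does not give a value */

static long live_blocks;        /* constructed counter that makes a leak visible */
static void *t_malloc(size_t n) { void *p = malloc(n); if (p) live_blocks++; return p; }
static void t_free(void *p) { if (p) { live_blocks--; free(p); } }

/* The page's function, unchanged in behaviour: buf is lost on a short read. */
char *getBlock_leaky(int fd) {
    char *buf = t_malloc(BLOCK_SIZE);
    if (!buf) return NULL;
    if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) return NULL;   /* leak */
    return buf;
}

/* Corrected: every failure path releases buf before returning. */
char *getBlock_fixed(int fd) {
    char *buf = t_malloc(BLOCK_SIZE);
    size_t got = 0;
    if (!buf) return NULL;
    while (got < BLOCK_SIZE) {
        ssize_t n = read(fd, buf + got, BLOCK_SIZE - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;   /* interrupted, retry */
        t_free(buf);                             /* EOF or hard error */
        return NULL;
    }
    return buf;
}

/* Feed len bytes through a pipe, call fn, and return the number of blocks
   still allocated after the caller has freed whatever fn returned. */
long leaked_blocks(char *(*fn)(int), size_t len) {
    static const char data[BLOCK_SIZE];          /* constructed input */
    int p[2];
    long before = live_blocks;
    char *b;
    if (len > sizeof data || pipe(p) != 0) return -1;
    if (write(p[1], data, len) != (ssize_t)len) { close(p[0]); close(p[1]); return -1; }
    close(p[1]);                                 /* reader sees EOF after len bytes */
    b = fn(p[0]);
    close(p[0]);
    t_free(b);
    return live_blocks - before;
}
```

Each truncated input costs the leaky version one block that no caller can free, which is how repeated short reads turn into the memory exhaustion described above.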
CVE ID | Title | CVSS | Severity | Published
CVE-2026-43506 | Prosody security vulnerability — Prosody | 5.3 | Medium | 2026-05-01
CVE-2026-7379 | Missing Release of Memory after Effective Lifetime in Wireshark — Wireshark | 5.5 | Medium | 2026-04-30
CVE-2026-40336 | libgphoto2 has memory leak in ptp_unpack_Sony_DPD() secondary enumeration list in ptp-pack.c — libgphoto2 | 2.4 | Low | 2026-04-17
CVE-2026-33775 | Junos OS: MX Series: Mismatch between configured and received packet types causes memory leak in bbe-smgd — Junos OS | 6.5 | Medium | 2026-04-09
CVE-2026-33782 | Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd memory increases continuously with subscriber logouts — Junos OS | 6.5 | Medium | 2026-04-09
CVE-2026-33780 | Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald — Junos OS | 6.5 | Medium | 2026-04-09
CVE-2026-34052 | LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service) — ltiauthenticator | 5.9 | Medium | 2026-04-03
CVE-2026-3650 | Grassroots DICOM Missing release of memory after effective lifetime — Grassroots DICOM (GDCM) | 7.5 | High | 2026-03-26
CVE-2026-4247 | TCP: remotely exploitable DoS vector (mbuf leak) — FreeBSD | 7.5 | - | 2026-03-26
CVE-2026-20012 | Cisco multiple products security vulnerability — IOS | 8.6 | High | 2026-03-25
CVE-2026-33852 | Missing Release of Memory after Effective Lifetime in MolotovCherry Android-ImageMagick7 — Android-ImageMagick7 | 7.5 | High | 2026-03-24
CVE-2026-33856 | Missing Release of Memory after Effective Lifetime in MolotovCherry Android-ImageMagick7 — Android-ImageMagick7 | 7.5 | High | 2026-03-24
CVE-2026-32874 | UltraJSON has a Memory Leak parsing large integers allows DoS — ultrajson | 7.5 | High | 2026-03-20
CVE-2026-30873 | OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens — openwrt | 7.5 | - | 2026-03-19
CVE-2026-0639 | liteos_a has a missing release of memory vulnerability — OpenHarmony | 3.3 | Low | 2026-03-16
CVE-2026-20021 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense security vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 4.3 | Medium | 2026-03-04
CVE-2026-20015 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense security vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 5.8 | Medium | 2026-03-04
CVE-2026-20014 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense security vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 7.7 | High | 2026-03-04
CVE-2026-20013 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense security vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 5.8 | Medium | 2026-03-04
CVE-2026-20106 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense security vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 5.3 | Medium | 2026-03-04
CVE-2026-20105 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense security vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 7.7 | High | 2026-03-04
CVE-2026-25988 | ImageMagick's MSL image stack index not refreshed, leading to leaked images. — ImageMagick | 5.3 | Medium | 2026-02-24
CVE-2026-25969 | ImageMagick has Memory Leak in coders/ashlar.c — ImageMagick | 5.3 | Medium | 2026-02-24
CVE-2026-25796 | ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths — ImageMagick | 5.3 | Medium | 2026-02-24
CVE-2026-25638 | ImageMagick has memory leak in msl encoder — ImageMagick | 5.3 | Medium | 2026-02-24
CVE-2026-25637 | ImageMagick: Possible memory leak in ASHLAR encoder — ImageMagick | 5.3 | Medium | 2026-02-24
CVE-2026-21438 | webtransport-go affected by a Memory Exhaustion Attack due to Missing Cleanup of Streams Map — webtransport-go | 5.3 | Medium | 2026-02-12
CVE-2025-15572 | wasm3 NewCodePage memory leak — wasm3 | 3.3 | Low | 2026-02-10
CVE-2025-47397 | Improper Release of Memory Before Removing Last Reference in Graphics — Snapdragon | 7.8 | High | 2026-02-02
CVE-2026-1757 | Libxml2: memory leak leading to local denial of service in xmllint interactive shell — Red Hat Hardened Images | 6.2 | Medium | 2026-02-02

Vulnerabilities classified as CWE-401 (Improper Release of Memory Before Removing Last Reference (Memory Leak)) represent 215 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.