
CWE-401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak')) — Vulnerability Class (215 CVEs)

215 vulnerabilities classified as CWE-401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak')). AI Chinese analysis included.

CWE-401 represents a memory management weakness where software fails to release allocated memory after its effective lifetime, leading to resource exhaustion. This defect typically manifests as a denial-of-service condition rather than direct code execution, as the continuous accumulation of unreleased memory gradually depletes system resources. Attackers exploit this by triggering repeated allocations, causing the application or host to crash when memory limits are reached. Developers prevent this by implementing rigorous memory lifecycle management, ensuring every allocation has a corresponding deallocation call. Utilizing automated static analysis tools helps identify leaks during development, while adopting garbage-collected languages or smart pointers in C++ can significantly reduce the risk. Regular memory profiling during testing further ensures that allocated resources are properly returned to the system, maintaining application stability and preventing resource starvation.

MITRE CWE Description
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Common Consequences (2)
Scope: Availability. Impact: DoS: Crash, Exit, or Restart; DoS: Instability; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory).
Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a l…
Scope: Other. Impact: Reduce Performance.
Mitigations (3)
Phase: Implementation. Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer…
Phase: Architecture and Design. Use an abstraction library to abstract away risky APIs. Not a complete solution.
Phases: Architecture and Design; Build and Compilation. Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
Effectiveness: Moderate
Examples (1)
The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:

```c
#include <stdlib.h>   /* malloc */
#include <unistd.h>   /* read */

/* BLOCK_SIZE is assumed to be defined elsewhere by the surrounding program. */
char* getBlock(int fd) {
    char* buf = (char*) malloc(BLOCK_SIZE);
    if (!buf) {
        return NULL;
    }
    if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
        return NULL;  /* short read or error: buf is never freed, so it leaks */
    }
    return buf;
}
```
Bad · C
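As an added example (not code from this page or from MITRE), the leaky pattern above is placed beside a hardened version that releases the buffer on every failure path, with a small live-allocation counter and a pipe harness so the leak can be observed numerically; BLOCK_SIZE, the counter, the `_leaky`/`_fixed` names and the harness are all constructed for this example, and the fixed version additionally retries partial reads instead of treating them as an error.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define BLOCK_SIZE 16   /* constructed value; the page leaves BLOCK_SIZE undefined */
/* Live-allocation counter (constructed for this example) so a test can show
 * whether a code path leaked. Real code would use ASan/LeakSanitizer instead. */
static long live_blocks = 0;
static char *block_alloc(size_t n) { char *p = malloc(n); if (p) live_blocks++; return p; }
static void block_free(char *p) { if (p) { live_blocks--; free(p); } }
long live_allocations(void) { return live_blocks; }

/* The page's leaky pattern: a short read returns NULL without freeing buf. */
char *getBlock_leaky(int fd) {
    char *buf = block_alloc(BLOCK_SIZE);
    if (!buf) return NULL;
    if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) return NULL;  /* buf is lost here */
    return buf;
}
/* Hardened version: every exit path either hands buf to the caller or frees it.
 * It also loops over partial reads instead of treating them as an error. */
char *getBlock_fixed(int fd) {
    char *buf = block_alloc(BLOCK_SIZE);
    if (!buf) return NULL;
    size_t got = 0;
    while (got < BLOCK_SIZE) {
        ssize_t n = read(fd, buf + got, BLOCK_SIZE - got);
        if (n < 0 && errno == EINTR) continue;           /* interrupted: retry */
        if (n <= 0) { block_free(buf); return NULL; }    /* error or EOF: release, then fail */
        got += (size_t)n;
    }
    return buf;
}
/* Harness: push len bytes (len <= BLOCK_SIZE) through a pipe and call fn on the read
 * end. Returns 1 if fn produced a block, 0 if it returned NULL, -1 on harness error. */
typedef char *(*block_fn)(int);
int run_with_bytes(block_fn fn, size_t len) {
    int fds[2];
    char src[BLOCK_SIZE], *blk;
    if (len > BLOCK_SIZE || pipe(fds) != 0) return -1;
    memset(src, 'A', sizeof src);
    if (len > 0 && write(fds[1], src, len) != (ssize_t)len) return -1;
    close(fds[1]);                   /* close the writer so a short input hits EOF */
    blk = fn(fds[0]);
    close(fds[0]);
    if (!blk) return 0;
    block_free(blk);                 /* on success the caller owns and frees the block */
    return 1;
}
```

Running the leaky function on a short input leaves live_allocations() at 1, while the fixed function returns it to 0 on the same input; under a real workload that counter is what an attacker-triggered loop of short reads would drive upward until the process is killed.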
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-24828 | Memory leak in is-Engine | is-Engine | 7.5 | High | 2026-01-27 |
| CVE-2026-24825 | a memory leak in ydb-platform/ydb with use of yajl_tree_parse function from src/yail module, which will cause out-of-memory in server and cause crash. | ydb | 7.1 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-14027 | Rockwell Automation Recommends Upgrading From 1756-RM2 XT To 1756-RM3 XT | ControlLogix® Redundancy Enhanced Module | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2026-21909 | Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak leading to RPD crash | Junos OS | 6.5 | Medium | 2026-01-15 |
| CVE-2026-22025 | CryptoLib Memory Leak on HTTP Error Response in KMC Client | CryptoLib | - | - | 2026-01-10 |
| CVE-2026-22024 | CryptoLib Memory Leak in KMC Encrypt Function Leads to Resource Exhaustion | CryptoLib | 7.5 | - | 2026-01-10 |
| CVE-2026-21674 | iccDEV has a Memory Leak in its CIccProfileXml::ParseTag() Error Path | iccDEV | 3.3 | Low | 2026-01-06 |
| CVE-2025-66033 | Improper Memory Cleanup in the Okta Java SDK | okta-sdk-java | 5.3 | Medium | 2025-12-10 |
| CVE-2025-64329 | containerd CRI server: Host memory exhaustion through Attach goroutine leak | containerd | 7.7 | - | 2025-11-07 |
| CVE-2025-46784 | Entrouvert Lasso security vulnerability | Lasso | 7.5 | High | 2025-11-05 |
| CVE-2025-61974 | BIG-IP SSL/TLS vulnerability | BIG-IP | 7.5 | High | 2025-10-15 |
| CVE-2025-54805 | TMM Vulnerability | BIG-IP Next SPK | 6.5 | Medium | 2025-10-15 |
| CVE-2025-47150 | F5OS SNMP vulnerability | F5OS - Appliance | 6.5 | Medium | 2025-10-15 |
| CVE-2025-43816 | Liferay Portal and Liferay DXP security vulnerability | Portal | 7.5 (AI) | High (AI) | 2025-09-25 |
| CVE-2025-8277 | Libssh: memory exhaustion via repeated key exchange in libssh | | 3.1 | Low | 2025-09-09 |
| CVE-2025-9165 | LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak | LibTIFF | 2.5 | Low | 2025-08-19 |
| CVE-2025-20254 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense security vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 5.8 | Medium | 2025-08-14 |
| CVE-2025-20252 | Cisco Secure Firewall Management Center and Cisco Secure Firewall Adaptive Security Appliance security vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 5.8 | Medium | 2025-08-14 |
| CVE-2025-20239 | Cisco multiple products security vulnerability | IOS | 8.6 | High | 2025-08-14 |
| CVE-2025-20225 | Cisco multiple products security vulnerability | IOS | 5.8 | Medium | 2025-08-14 |
| CVE-2025-20224 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense security vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 5.8 | Medium | 2025-08-14 |
| CVE-2025-20135 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software DHCP Denial of Service Vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 4.3 | Medium | 2025-08-14 |
| CVE-2025-20133 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 8.6 | High | 2025-08-14 |
| CVE-2025-27562 | communication_dsoftbus has a missing release of memory vulnerability | OpenHarmony | 3.3 | Low | 2025-08-11 |
| CVE-2025-24844 | communication_dsoftbus has a missing release of memory vulnerability | OpenHarmony | 3.3 | Low | 2025-08-11 |
| CVE-2025-24925 | applications_settings has a missing release of memory vulnerability | OpenHarmony | 3.3 | Low | 2025-08-11 |
| CVE-2025-8225 | GNU Binutils DWARF Section dwarf.c process_debug_info memory leak | Binutils | 3.3 | Low | 2025-07-27 |
| CVE-2025-53537 | LibHTP's memory leak with lzma can lead to resource starvation | libhtp | 7.5 | High | 2025-07-23 |
| CVE-2025-46686 | Redis security vulnerability | Redis | 3.5 | Low | 2025-07-23 |
| CVE-2025-52986 | Junos OS and Junos OS Evolved: When RIB sharding is configured each time a show command is executed RPD memory leaks | Junos OS | 5.5 | Medium | 2025-07-11 |

Values marked (AI) carry the source site's AI tag on that score or severity; "-" means the site lists no value.

Vulnerabilities classified as CWE-401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak')) represent 215 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.