Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-401 (在移除最后引用时对内存的释放不恰当(内存泄露)) — Vulnerability Class 215

215 vulnerabilities classified as CWE-401 (在移除最后引用时对内存的释放不恰当(内存泄露)). AI Chinese analysis included.

CWE-401 represents a memory management weakness where software fails to release allocated memory after its effective lifetime, leading to resource exhaustion. This defect typically manifests as a denial-of-service condition rather than direct code execution, as the continuous accumulation of unreleased memory gradually depletes system resources. Attackers exploit this by triggering repeated allocations, causing the application or host to crash when memory limits are reached. Developers prevent this by implementing rigorous memory lifecycle management, ensuring every allocation has a corresponding deallocation call. Utilizing automated static analysis tools helps identify leaks during development, while adopting garbage-collected languages or smart pointers in C++ can significantly reduce the risk. Regular memory profiling during testing further ensures that allocated resources are properly returned to the system, maintaining application stability and preventing resource starvation.

MITRE CWE Description
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Common Consequences (2)
AvailabilityDoS: Crash, Exit, or Restart, DoS: Instability, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a l…
OtherReduce Performance
Mitigations (3)
ImplementationChoose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer…
Architecture and DesignUse an abstraction library to abstract away risky APIs. Not a complete solution.
Architecture and Design, Build and CompilationConsider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
Effectiveness: Moderate
Examples (1)
The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:
char* getBlock(int fd) { char* buf = (char*) malloc(BLOCK_SIZE); if (!buf) { return NULL; } if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) { return NULL; } return buf; }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2025-53020 Apache HTTP Server: HTTP/2 DoS by Memory Increase — Apache HTTP Server 9.1 -2025-07-10
CVE-2025-7068 HDF5 H5FL.c H5FL__malloc memory leak — HDF5 3.3 Low2025-07-04
CVE-2025-6498 HTACG tidy-html5 alloc.c defaultAlloc memory leak — tidy-html5 3.3 Low2025-06-23
CVE-2025-29828 Windows Schannel Remote Code Execution Vulnerability — Windows 11 version 22H2 8.1 High2025-06-10
CVE-2025-5324 TechPowerUp GPU-Z 0x8000645C IOCTL GPU-Z.sys sub_140001880 memory leak — GPU-Z 3.3 Low2025-05-29
CVE-2025-47935 Multer vulnerable to Denial of Service via memory leaks from unclosed streams — multer 7.5 High2025-05-19
CVE-2025-47279 undici Denial of Service attack via bad certificate data — undici 3.1 Low2025-05-15
CVE-2025-22886 distributeddatamgr_udmf has a memory leak vulnerability — OpenHarmony 3.3 Low2025-05-06
CVE-2025-1992 IBM Db2 denial of service — Db2 for Linux, UNIX and Windows 5.3 Medium2025-05-05
CVE-2025-46420 Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c 6.5 Medium2025-04-24
CVE-2025-30658 Junos OS: SRX Series: On devices with Anti-Virus enabled, malicious server responses will cause memory to leak ultimately causing forwarding to stop — Junos OS 7.5 High2025-04-09
CVE-2025-30647 Junos OS: MX Series: Subscriber login/logout activity will lead to a memory leak — Junos OS 6.5 Medium2025-04-09
CVE-2025-21595 Junos OS and Junos OS Evolved: In an EVPN-VXLAN scenario specific ARP or NDP packets cause FPC to crash — Junos OS 6.5 Medium2025-04-09
CVE-2025-25057 third_party_NuttX has a memory leak vulnerability — OpenHarmony 3.3 Low2025-04-07
CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak — Binutils 3.3 Low2025-04-04
CVE-2024-6875 Infinispan: infinispan: rest compare api has buffer leak 6.5 Medium2025-03-28
CVE-2025-29910 CryptoLib's crypto_handle_incrementing_nontransmitted_counter Function has Memory Leak — CryptoLib 7.5 -2025-03-17
CVE-2024-9135 On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping. — EOS 5.3 Medium2025-03-04
CVE-2025-20011 Communication Dsoftbus has a memory leak vulnerability — OpenHarmony 3.3 Low2025-03-04
CVE-2025-1816 FFmpeg IAMF File iamf_parse.c audio_element_obu memory leak — FFmpeg 4.3 Medium2025-03-02
CVE-2025-1634 Io.quarkus:quarkus-resteasy: memory leak in quarkus resteasy classic when client requests timeout 7.5 High2025-02-26
CVE-2025-25199 BCryptGenerateSymmetricKey memory leak — go-crypto-winnative 7.5 High2025-02-12
CVE-2025-1152 GNU Binutils ld xstrdup.c xstrdup memory leak — Binutils 3.1 Low2025-02-10
CVE-2025-1151 GNU Binutils ld xmemdup.c xmemdup memory leak — Binutils 3.1 Low2025-02-10
CVE-2025-1150 GNU Binutils ld libbfd.c bfd_malloc memory leak — Binutils 3.1 Low2025-02-10
CVE-2025-1149 GNU Binutils ld xmalloc.c xstrdup memory leak — Binutils 3.1 Low2025-02-10
CVE-2025-1148 GNU Binutils ld ldelfgen.c link_order_scan memory leak — Binutils 3.1 Low2025-02-10
CVE-2025-21091 BIG-IP SNMP vulnerability — BIG-IP 7.5 High2025-02-05
CVE-2025-21599 Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion leading to Denial of Service — Junos OS Evolved 7.5 High2025-01-09
CVE-2024-53984 Nanopb does not release memory on error return when using PB_DECODE_DELIMITED — nanopb 4.3 Medium2024-12-02

Vulnerabilities classified as CWE-401 (在移除最后引用时对内存的释放不恰当(内存泄露)) represent 215 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.