Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-401 (在移除最后引用时对内存的释放不恰当(内存泄露)) — Vulnerability Class 215

215 vulnerabilities classified as CWE-401 (在移除最后引用时对内存的释放不恰当(内存泄露)). AI Chinese analysis included.

CWE-401 represents a memory management weakness where software fails to release allocated memory after its effective lifetime, leading to resource exhaustion. This defect typically manifests as a denial-of-service condition rather than direct code execution, as the continuous accumulation of unreleased memory gradually depletes system resources. Attackers exploit this by triggering repeated allocations, causing the application or host to crash when memory limits are reached. Developers prevent this by implementing rigorous memory lifecycle management, ensuring every allocation has a corresponding deallocation call. Utilizing automated static analysis tools helps identify leaks during development, while adopting garbage-collected languages or smart pointers in C++ can significantly reduce the risk. Regular memory profiling during testing further ensures that allocated resources are properly returned to the system, maintaining application stability and preventing resource starvation.

MITRE CWE Description
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Common Consequences (2)
AvailabilityDoS: Crash, Exit, or Restart, DoS: Instability, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a l…
OtherReduce Performance
Mitigations (3)
ImplementationChoose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer…
Architecture and DesignUse an abstraction library to abstract away risky APIs. Not a complete solution.
Architecture and Design, Build and CompilationConsider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
Effectiveness: Moderate
Examples (1)
The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:
char* getBlock(int fd) { char* buf = (char*) malloc(BLOCK_SIZE); if (!buf) { return NULL; } if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) { return NULL; } return buf; }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2024-47493 Junos OS: MX Series: Trio-based FPCs: Continuous physical Interface flaps causes local FPC to crash — Junos OS 6.5 Medium2024-10-11
CVE-2024-8376 Memory leak — Mosquitto 9.1 -2024-10-11
CVE-2024-43696 Liteos_a has an Memory Leak vulnerability — OpenHarmony 3.3 Low2024-10-08
CVE-2024-20304 Cisco IOS XR Software Packet Memory Exhaustion Vulnerability — Cisco IOS XR Software 8.6 High2024-09-11
CVE-2024-7884 Memory leak when calling a canister method via `ic_cdk::call` — ic-cdk 7.5 High2024-09-05
CVE-2024-41172 Apache CXF: Unrestricted memory consumption in CXF HTTP clients — Apache CXF 7.5 -2024-07-19
CVE-2024-39550 Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service — Junos OS 6.5 Medium2024-07-11
CVE-2024-39549 Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to a memory leak — Junos OS 7.5 High2024-07-11
CVE-2024-39539 Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash — Junos OS 5.3 Medium2024-07-11
CVE-2024-39536 Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak — Junos OS 5.3 Medium2024-07-11
CVE-2024-3653 Undertow: learningpushhandler can lead to remote memory dos attacks 5.3 Medium2024-07-08
CVE-2024-5294 D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability — DIR-3040 6.5AIMediumAI2024-05-23
CVE-2024-4435 BTreeMap memory leak when deallocating nodes with overflows — ic-stable-structures 5.9 Medium2024-05-21
CVE-2024-21609 Junos OS: MX Series with SPC3, and SRX Series: If specific IPsec parameters are negotiated iked will crash due to a memory leak — Junos OS 6.5 Medium2024-04-12
CVE-2024-1023 Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx 6.5 Medium2024-03-27
CVE-2024-1394 Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads — Red Hat Ansible Automation Platform 2.4 for RHEL 8 7.5 High2024-03-21
CVE-2023-33086 Improper Release of Memory Before Removing Last Reference in Data Modem — Snapdragon 7.5 High2024-03-04
CVE-2023-33084 Improper Release of Memory Before Removing Last Reference in Data Modem — Snapdragon 7.5 High2024-03-04
CVE-2024-0240 Silicon Labs EFR32 Bluetooth stack denial of service when sending notifications to multiple clients — GSDK 6.5 Medium2024-02-15
CVE-2023-33049 Improper Release of Memory Before Removing Last Reference in Multi-Mode Call Processor — Snapdragon 7.5 High2024-02-06
CVE-2024-21613 Junos OS and Junos OS Evolved: A link flap causes patroot memory leak which leads to rpd crash — Junos OS 6.5 Medium2024-01-12
CVE-2024-21611 Junos OS and Junos OS Evolved: In a jflow scenario continuous route churn will cause a memory leak and eventually an rpd crash — Junos OS 7.5 High2024-01-12
CVE-2024-21599 Junos OS: MX Series: MPC3E memory leak with PTP configuration — Junos OS 6.5 Medium2024-01-12
CVE-2023-7192 Kernel: refcount leak in ctnetlink_create_conntrack() — Red Hat Enterprise Linux 8.2 Advanced Update Support 5.5 Medium2024-01-02
CVE-2023-38380 Siemens SIMATIC CP 1242-7 安全漏洞 — SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) 7.5 High2023-12-12
CVE-2023-6299 Apryse iText Reference Table PdfDocument.java memory leak — iText 4.3 Medium2023-11-26
CVE-2023-5954 Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption — Vault 5.9 Medium2023-11-09
CVE-2023-43076 Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS 6.5 Medium2023-11-02
CVE-2023-5349 Draw while calling getdrawinfo() — rmagick 5.3 Medium2023-10-30
CVE-2023-44193 Junos OS: MX Series: An FPC crash is observed when CFM is enabled in a VPLS scenario and a specific LDP related command is run — Junos OS 5.5 Medium2023-10-12

Vulnerabilities classified as CWE-401 (在移除最后引用时对内存的释放不恰当(内存泄露)) represent 215 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.