Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-401 (在移除最后引用时对内存的释放不恰当(内存泄露)) — Vulnerability Class 215

215 vulnerabilities classified as CWE-401 (在移除最后引用时对内存的释放不恰当(内存泄露)). AI Chinese analysis included.

CWE-401 represents a memory management weakness where software fails to release allocated memory after its effective lifetime, leading to resource exhaustion. This defect typically manifests as a denial-of-service condition rather than direct code execution, as the continuous accumulation of unreleased memory gradually depletes system resources. Attackers exploit this by triggering repeated allocations, causing the application or host to crash when memory limits are reached. Developers prevent this by implementing rigorous memory lifecycle management, ensuring every allocation has a corresponding deallocation call. Utilizing automated static analysis tools helps identify leaks during development, while adopting garbage-collected languages or smart pointers in C++ can significantly reduce the risk. Regular memory profiling during testing further ensures that allocated resources are properly returned to the system, maintaining application stability and preventing resource starvation.

MITRE CWE Description
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Common Consequences (2)
AvailabilityDoS: Crash, Exit, or Restart, DoS: Instability, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a l…
OtherReduce Performance
Mitigations (3)
ImplementationChoose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer…
Architecture and DesignUse an abstraction library to abstract away risky APIs. Not a complete solution.
Architecture and Design, Build and CompilationConsider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
Effectiveness: Moderate
Examples (1)
The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:
char* getBlock(int fd) { char* buf = (char*) malloc(BLOCK_SIZE); if (!buf) { return NULL; } if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) { return NULL; } return buf; }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2023-22392 Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren't installed as the hardware doesn't support them, lead to an FPC heap memory leak — Junos OS 6.5 Medium2023-10-12
CVE-2023-40534 BIG-IP HTTP/2 vulnerability — BIG-IP 7.5 High2023-10-10
CVE-2022-4132 Memory leak on tls connections — jss 5.9 Medium2023-10-04
CVE-2023-3592 Eclipse Mosquitto 安全漏洞 — Mosquitto 5.8 Medium2023-10-02
CVE-2023-20251 Cisco Wireless LAN Controller 缓冲区错误漏洞 — Cisco Wireless LAN Controller (WLC) 6.1 Medium2023-09-27
CVE-2023-5156 Glibc: dos due to memory leak in getaddrinfo.c — Red Hat Enterprise Linux 6 7.5 High2023-09-25
CVE-2023-4513 Missing Release of Memory after Effective Lifetime in Wireshark — Wireshark 5.3 Medium2023-08-24
CVE-2023-32247 Session setup memory exhaustion denial-of-service vulnerability — kernel 7.5 High2023-07-24
CVE-2023-34450 CometBFT PeerState JSON serialization deadlock — cometbft 3.7 Low2023-07-03
CVE-2023-34451 CometBFT may duplicate transactions in the mempool's data structures — cometbft 8.2 High2023-07-03
CVE-2023-2683 Connection update while closing connection may lead to denial-of-service — Bluetooth SDK 5.3 Medium2023-06-15
CVE-2023-2602 libcap 安全漏洞 — libcap 7.5 -2023-06-06
CVE-2023-2618 OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak — wechat_qrcode Module 5.3 Medium2023-05-10
CVE-2023-29163 BIG-IP UDP Profile vulnerability — BIG-IP 7.5 High2023-05-03
CVE-2023-21666 Improper Release of Memory Before Removing Last Reference (`Memory Leak`) in Graphics — Snapdragon 8.4 High2023-05-02
CVE-2023-28982 Junos OS and Junos OS Evolved: In a BGP rib sharding scenario when a route is frequently updated an rpd memory leak will occur — Junos OS 7.5 High2023-04-17
CVE-2023-24511 On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. — EOS 5.3 Medium2023-04-12
CVE-2023-1074 Linux kernel 安全漏洞 — kernel 5.5 -2023-03-27
CVE-2023-28096 OpenSIPS has memory leak in cJSON lib — opensips 4.5 Medium2023-03-15
CVE-2023-25566 GSS-NTLMSSP vulnerable to memory leak when parsing usernames — gss-ntlmssp 7.5 High2023-02-14
CVE-2023-22395 Junos OS: In an MPLS scenario the processing of specific packets to the device causes a buffer leak and ultimately a loss of connectivity — Junos OS 6.5 Medium2023-01-12
CVE-2023-22406 Junos OS and Junos OS Evolved: A memory leak which will ultimately lead to an rpd crash will be observed when a peer interface flaps continuously in a Segment Routing scenario using OSPF — Junos OS 6.5 Medium2023-01-12
CVE-2023-22410 Junos OS: MX Series with MPC10/MPC11: When Suspicious Control Flow Detection (scfd) is enabled and an attacker is sending specific traffic, this causes a memory leak. — Junos OS 7.5 High2023-01-12
CVE-2023-22414 Junos OS: PTX Series and QFX10000 Series: An FPC memory leak is observed when specific EVPN VXLAN Multicast packets are processed — Junos OS 6.5 Medium2023-01-12
CVE-2023-22417 Junos OS: SRX Series: A memory leak might be observed in IPsec VPN scenario leading to an FPC crash — Junos OS 7.5 High2023-01-12
CVE-2022-3629 Linux Kernel af_vsock.c vsock_connect memory leak — Kernel 2.6 Low2022-10-21
CVE-2022-3633 Linux Kernel transport.c j1939_session_destroy memory leak — Kernel 3.5 Low2022-10-21
CVE-2022-3577 Linux kernel 缓冲区错误漏洞 — Kernel 7.8 -2022-10-20
CVE-2022-41832 BIG-IP SIP vulnerability CVE-2022-41832 — BIG-IP 7.5 High2022-10-19
CVE-2022-41624 BIG-IP iRules vulnerability CVE-2022-41624 — BIG-IP 7.5 High2022-10-19

Vulnerabilities classified as CWE-401 (在移除最后引用时对内存的释放不恰当(内存泄露)) represent 215 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.