CWE-401 (Improper Release of Memory Before Removing Last Reference (Memory Leak)) — Vulnerability Class 215

215 vulnerabilities classified as CWE-401 (Improper Release of Memory Before Removing Last Reference (Memory Leak)). AI Chinese analysis included.

CWE-401 represents a memory management weakness where software fails to release allocated memory after its effective lifetime, leading to resource exhaustion. This defect typically manifests as a denial-of-service condition rather than direct code execution, as the continuous accumulation of unreleased memory gradually depletes system resources. Attackers exploit this by triggering repeated allocations, causing the application or host to crash when memory limits are reached. Developers prevent this by implementing rigorous memory lifecycle management, ensuring every allocation has a corresponding deallocation call. Utilizing automated static analysis tools helps identify leaks during development, while adopting garbage-collected languages or smart pointers in C++ can significantly reduce the risk. Regular memory profiling during testing further ensures that allocated resources are properly returned to the system, maintaining application stability and preventing resource starvation.

MITRE CWE Description
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Common Consequences (2)
Availability: DoS: Crash, Exit, or Restart; DoS: Instability; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)
Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a l…
Other: Reduce Performance
Mitigations (3)
Implementation: Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer…
Architecture and Design: Use an abstraction library to abstract away risky APIs. Not a complete solution.
Architecture and Design, Build and Compilation: Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
Effectiveness: Moderate
Examples (1)
The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:
    char* getBlock(int fd) {
        char* buf = (char*) malloc(BLOCK_SIZE);
        if (!buf) {
            return NULL;
        }
        if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
            return NULL;
        }
        return buf;
    }
Bad · C
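An added example, not part of the original page or of the MITRE entry: the function above beside a corrected version, with a demo-only allocation counter that makes the leak on a short read observable. The value of BLOCK_SIZE, the counter, and the helper names (track_malloc, track_free, make_input, leaked_after_short_read) are assumptions introduced for illustration.

```c
#include <stdlib.h>
#include <unistd.h>

#define BLOCK_SIZE 16       /* assumed value; the page does not define it */
static int live_blocks;     /* demo-only: buffers allocated and not yet freed */
static void *last_block;    /* demo-only: lets the harness reclaim a leaked buffer */

static void *track_malloc(size_t n) {
    if ((last_block = malloc(n)) != NULL) live_blocks++;
    return last_block;
}
static void track_free(void *p) { if (p) live_blocks--; free(p); }

/* The page's function with tracked allocation: the short-read path leaks buf. */
char *getBlock_leaky(int fd) {
    char *buf = track_malloc(BLOCK_SIZE);
    if (!buf) return NULL;
    if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) return NULL;  /* buf is lost */
    return buf;
}

/* Hardened: buf is released on the failure path; the caller owns it on success. */
char *getBlock_fixed(int fd) {
    char *buf = track_malloc(BLOCK_SIZE);
    if (!buf) return NULL;
    if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) { track_free(buf); return NULL; }
    return buf;
}

/* Constructed input: read end of a pipe holding nbytes (<= BLOCK_SIZE) of zeros. */
int make_input(size_t nbytes) {
    int p[2];
    char data[BLOCK_SIZE] = {0};
    if (nbytes > sizeof data || pipe(p) != 0) return -1;
    if (write(p[1], data, nbytes) != (ssize_t)nbytes) { close(p[0]); p[0] = -1; }
    close(p[1]);
    return p[0];
}

/* Buffers still allocated after fn fails on an input one byte short of a block. */
int leaked_after_short_read(char *(*fn)(int)) {
    int fd = make_input(BLOCK_SIZE - 1);
    live_blocks = 0;
    track_free(fn(fd));                 /* fn returns NULL here; nothing to free */
    int leaked = live_blocks;
    if (leaked) free(last_block);       /* harness cleanup of the leaked buffer */
    close(fd);
    return leaked;
}
```

The same counter-around-the-allocator pattern works as a unit-test check for any function with early returns; in practice a leak checker such as Valgrind or LeakSanitizer does this job without code changes.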
CVE ID | Title | CVSS | Severity | Published
CVE-2022-31222 | Dell BIOS security vulnerability — CPG BIOS | 2.3 | Low | 2022-09-12
CVE-2021-3574 | ImageMagick security vulnerability — ImageMagick | 5.5 | - | 2022-08-26
CVE-2021-4213 | Linux jss security vulnerability — JSS | 7.5 | - | 2022-08-24
CVE-2021-3905 | Open vSwitch security vulnerability — openvswitch (ovs) | 7.5 | - | 2022-08-23
CVE-2021-33645 | openEuler security vulnerability — libtar | 6.5 | - | 2022-08-09
CVE-2021-33646 | openEuler security vulnerability — libtar | 6.5 | - | 2022-08-09
CVE-2022-1012 | Linux kernel security vulnerability — Kernel | 8.2 | - | 2022-08-05
CVE-2022-1651 | Linux kernel security vulnerability — Kernel | 7.1 | - | 2022-07-26
CVE-2022-22209 | Junos OS: RIB and PFEs can get out of sync due to a memory leak caused by interface flaps or route churn — Junos OS | 7.5 | High | 2022-07-20
CVE-2022-22205 | Junos OS: SRX Series: An FPC memory leak can occur in an APBR scenario — Junos OS | 7.5 | High | 2022-07-20
CVE-2022-22204 | Junos OS: MX Series and SRX Series: When receiving a specific SIP packets stale call table entries are created which eventually leads to a DoS for all SIP traffic — Junos OS | 5.3 | Medium | 2022-07-20
CVE-2022-20785 | ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022 — Cisco AMP for Endpoints | 7.5 | High | 2022-05-04
CVE-2022-1515 | MATIO security vulnerability — matio | 5.5 | - | 2022-05-02
CVE-2022-23159 | Dell Technologies Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 4.8 | Medium | 2022-04-12
CVE-2022-24756 | Missing Release of Memory after Effective Lifetime in Bareos Director — bareos | 7.5 | High | 2022-03-15
CVE-2021-3744 | Linux kernel security vulnerability — kernel | 5.5 | - | 2022-03-04
CVE-2021-37205 | Siemens SIMATIC S7-1500 series products input validation error vulnerability — SIMATIC Drive Controller family | 7.5 | High | 2022-02-09
CVE-2022-23578 | Memory leak in Tensorflow — tensorflow | 4.3 | Medium | 2022-02-04
CVE-2022-23585 | Memory leak in decoding PNG images in Tensorflow — tensorflow | 4.3 | Medium | 2022-02-04
CVE-2022-22173 | Junos OS: CRL failing to download causes a memory leak and ultimately a DoS — Junos OS | 7.5 | High | 2022-01-19
CVE-2022-22172 | Junos OS and Junos OS Evolved: An l2cpd memory leak can occur when specific LLDP packets are received leading to a DoS — Junos OS | 6.5 | Medium | 2022-01-19
CVE-2021-23218 | Memory Leak in Mirantis Container Runtime (MCR) running in FIPS mode causes a Denial of Service — Mirantis Container Runtime | 5.3 | Medium | 2022-01-10
CVE-2021-44542 | Privoxy input validation error vulnerability — Privoxy | 7.5 | - | 2021-12-23
CVE-2021-44540 | Privoxy input validation error vulnerability — Privoxy | 7.5 | - | 2021-12-23
CVE-2021-44541 | Privoxy input validation error vulnerability — Privoxy | 7.5 | - | 2021-12-23
CVE-2021-34598 | Phoenix Contact: FL MGUARD lack of memory release in remote logging functionality — FL MGUARD | 7.5 | High | 2021-11-10
CVE-2021-31367 | Junos OS: PTX Series: An FPC heap memory leak will be triggered by certain Flowspec route operations which can lead to an FPC crash — Junos OS | 6.5 | Medium | 2021-10-19
CVE-2021-34698 | Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability — Cisco Web Security Appliance (WSA) | 8.6 | High | 2021-10-06
CVE-2021-34740 | Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability — Cisco Aironet Access Point Software | 7.4 | High | 2021-09-23
CVE-2021-39176 | Missing Release of Memory after Effective Lifetime in detect-character-encoding — detect-character-encoding | 7.5 | High | 2021-08-31

Vulnerabilities classified as CWE-401 (Improper Release of Memory Before Removing Last Reference (Memory Leak)) represent 215 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.