Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-401 (在移除最后引用时对内存的释放不恰当(内存泄露)) — Vulnerability Class 215

215 vulnerabilities classified as CWE-401 (在移除最后引用时对内存的释放不恰当(内存泄露)). AI Chinese analysis included.

CWE-401 represents a memory management weakness where software fails to release allocated memory after its effective lifetime, leading to resource exhaustion. This defect typically manifests as a denial-of-service condition rather than direct code execution, as the continuous accumulation of unreleased memory gradually depletes system resources. Attackers exploit this by triggering repeated allocations, causing the application or host to crash when memory limits are reached. Developers prevent this by implementing rigorous memory lifecycle management, ensuring every allocation has a corresponding deallocation call. Utilizing automated static analysis tools helps identify leaks during development, while adopting garbage-collected languages or smart pointers in C++ can significantly reduce the risk. Regular memory profiling during testing further ensures that allocated resources are properly returned to the system, maintaining application stability and preventing resource starvation.

MITRE CWE Description
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Common Consequences (2)
AvailabilityDoS: Crash, Exit, or Restart, DoS: Instability, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a l…
OtherReduce Performance
Mitigations (3)
ImplementationChoose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer…
Architecture and DesignUse an abstraction library to abstract away risky APIs. Not a complete solution.
Architecture and Design, Build and CompilationConsider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
Effectiveness: Moderate
Examples (1)
The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:
char* getBlock(int fd) { char* buf = (char*) malloc(BLOCK_SIZE); if (!buf) { return NULL; } if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) { return NULL; } return buf; }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2021-34431 Eclipse Mosquitto 安全漏洞 — Eclipse Mosquitto 6.5 -2021-07-22
CVE-2021-0293 Junos OS: Out-of-memory condition and crashes can occur after executing a certain CLI command repeatedly — Junos OS 5.5 Medium2021-07-15
CVE-2021-1598 Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities — Cisco Video Surveillance 7000 Series IP Cameras 6.5 Medium2021-07-08
CVE-2021-1597 Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities — Cisco Video Surveillance 7000 Series IP Cameras 6.5 Medium2021-07-08
CVE-2021-1596 Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities — Cisco Video Surveillance 7000 Series IP Cameras 6.5 Medium2021-07-08
CVE-2021-1595 Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities — Cisco Video Surveillance 7000 Series IP Cameras 6.5 Medium2021-07-08
CVE-2021-3544 QEMU 安全漏洞 — QEMU 6.5 -2021-06-02
CVE-2020-25672 Linux kernel 安全漏洞 — Linux Kernel 7.5 -2021-05-25
CVE-2021-20209 Privoxy 安全漏洞 — privoxy 7.5 -2021-05-25
CVE-2021-27386 Siemens SIMATIC WinCC 缓冲区错误漏洞 — SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) 7.5 -2021-05-12
CVE-2021-0272 Junos OS: QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: In EVPN-VXLAN scenarios receipt of specific genuine packets by an adjacent attacker will cause a kernel memory leak in FPC. — Junos OS 6.5 Medium2021-04-22
CVE-2021-20193 git tar.git 安全漏洞 — tar 5.5 -2021-03-26
CVE-2021-20215 Privoxy 安全漏洞 — privoxy 7.5 -2021-03-25
CVE-2021-20214 Privoxy 安全漏洞 — privoxy 7.5 -2021-03-25
CVE-2021-20212 Privoxy 安全漏洞 — privoxy 7.5 -2021-03-25
CVE-2021-20211 Privoxy 安全漏洞 — privoxy 7.5 -2021-03-25
CVE-2021-20210 Privoxy 安全漏洞 — privoxy 7.5 -2021-03-25
CVE-2020-35502 Privoxy 安全漏洞 — privoxy 7.5 -2021-03-25
CVE-2021-1387 Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability — Cisco NX-OS Software 8.6 High2021-02-24
CVE-2021-1229 Cisco NX-OS Software ICMP Version 6 Memory Leak Denial of Service Vulnerability — Cisco NX-OS Software 5.8 Medium2021-02-24
CVE-2021-1353 Cisco StarOS IPv4 Denial of Service Vulnerability — Cisco ASR 5000 Series Software 5.8 Medium2021-01-20
CVE-2020-27755 ImageMagick Studio ImageMagick 代码问题漏洞 — ImageMagick 5.5 -2020-12-08
CVE-2020-27753 ImageMagick Studio ImageMagick 安全漏洞 — ImageMagick 5.5 -2020-12-08
CVE-2020-27822 Red Hat Wildfly 安全漏洞 — wildfly 5.9 -2020-12-08
CVE-2020-25704 Linux kernel 资源管理错误漏洞 — kernel 5.5 -2020-12-02
CVE-2020-25689 Red Hat Wildfly 资源管理错误漏洞 — wildfly-core 5.3 Medium2020-10-30
CVE-2020-1683 Junos OS: Memory leak leads to kernel crash (vmcore) due to SNMP polling — Junos OS 7.5 High2020-10-16
CVE-2020-11637 Automation Runtime TFTP Service DoS Vulnerability — Automation Runtime 5.8 Medium2020-10-15
CVE-2020-25644 OpenSSL 资源管理错误漏洞 — wildfly-openssl 7.5 -2020-10-06
CVE-2020-8916 Memory leak in wpanctl can lead to DoS — wpantund 5.0 Medium2020-07-07

Vulnerabilities classified as CWE-401 (在移除最后引用时对内存的释放不恰当(内存泄露)) represent 215 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.