
CWE-772 (Missing Release of Resource after Effective Lifetime) — Vulnerability Class 51

51 vulnerabilities classified as CWE-772 (Missing Release of Resource after Effective Lifetime). AI Chinese analysis included.

CWE-772 represents a resource management weakness where software fails to release allocated resources, such as memory, file handles, or network connections, after they are no longer needed. This oversight typically leads to resource exhaustion, causing system instability, performance degradation, or denial-of-service conditions as available resources dwindle. Attackers often exploit this by triggering repeated allocations without corresponding releases, effectively starving the system of critical resources. To prevent this, developers must implement strict lifecycle management protocols, ensuring that every allocated resource is explicitly freed or closed once its operational purpose concludes. Utilizing automated memory management tools, adhering to the RAII paradigm, and conducting rigorous code reviews for proper cleanup routines are essential strategies for mitigating this vulnerability and maintaining system reliability.

MITRE CWE Description
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Common Consequences (1)
Availability: DoS: Resource Consumption (Other), DoS: Resource Consumption (Memory), DoS: Resource Consumption (CPU)
An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource. Frequently-affected resources include memory, CPU, disk space, power or battery, etc.
Mitigations (3)
Requirements: Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Implementation: It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free resources in a function. If you allocate resources that you intend to free upon completion of the function, you must be sure to free the resources at all exit points for that function including error conditions.
Operation, Architecture and Design: Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems. When the current levels get close to the maximum that is define…
Examples (2)
The following method never closes the new file handle. Given enough time, the finalize() method for BufferedReader should eventually call close(), but there is no guarantee as to how long this action will take. In fact, there is no guarantee that finalize() will ever be invoked. In a busy environment, the operating system could use up all of the available file handles before the close() function is …

    private void processFile(String fName) throws IOException {
        BufferedReader fil = new BufferedReader(new FileReader(fName));
        String line;
        while ((line = fil.readLine()) != null) {
            processLine(line);
        }
    }
Bad · Java

    private void processFile(String fName) throws IOException {
        BufferedReader fil = new BufferedReader(new FileReader(fName));
        String line;
        while ((line = fil.readLine()) != null) {
            processLine(line);
        }
        fil.close();
    }
Good · Java
The following code attempts to open a new connection to a database, process the results returned by the database, and close the allocated SqlConnection object. The connection is only closed on the normal path; if ExecuteReader() or HarvestResults() throws, it is never released.

    SqlConnection conn = new SqlConnection(connString);
    SqlCommand cmd = new SqlCommand(queryString);
    cmd.Connection = conn;
    conn.Open();
    SqlDataReader rdr = cmd.ExecuteReader();
    HarvestResults(rdr);
    conn.Close();
Bad · C#
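As an added example (not part of the page or of MITRE's examples), the following Java program instruments a BufferedReader with a constructed open-handle counter to show that the "Good" method above still leaks when processLine() throws, and that try-with-resources satisfies the Implementation mitigation of releasing the resource at every exit point. HandleLeakDemo, TrackedReader and the processLine() rule that rejects lines starting with "BAD" are assumptions made for this demonstration.

```java
import java.io.*;
import java.nio.file.*;
public class HandleLeakDemo {
    // Constructed instrumentation: counts readers opened but not yet closed.
    static int openHandles = 0;
    static class TrackedReader extends BufferedReader {
        TrackedReader(Reader in) { super(in); openHandles++; }
        @Override public void close() throws IOException { super.close(); openHandles--; }
    }

    // Same shape as the page's "Good" example: close() sits only on the normal exit path.
    static void processFileLeaky(Path p) throws IOException {
        BufferedReader fil = new TrackedReader(new FileReader(p.toFile()));
        String line;
        while ((line = fil.readLine()) != null) {
            processLine(line); // an exception here skips fil.close() and leaks the handle
        }
        fil.close();
    }

    // try-with-resources closes the reader on every exit path, including exceptions.
    static void processFileSafe(Path p) throws IOException {
        try (BufferedReader fil = new TrackedReader(new FileReader(p.toFile()))) {
            String line;
            while ((line = fil.readLine()) != null) {
                processLine(line);
            }
        }
    }
    // Hypothetical line processor that rejects a malformed record.
    static void processLine(String line) {
        if (line.startsWith("BAD")) {
            throw new IllegalArgumentException("malformed record: " + line);
        }
    }
    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempFile("cwe772", ".txt");
        Files.write(tmp, java.util.List.of("ok", "BAD record", "never reached"));
        // Each leaky call aborts on the malformed record and leaves one reader open.
        for (int i = 0; i < 3; i++) try { processFileLeaky(tmp); } catch (IllegalArgumentException e) {}
        System.out.println("leaky version, readers still open: " + openHandles);
        openHandles = 0;
        // The safe version releases the reader even though the same exception is thrown.
        for (int i = 0; i < 3; i++) try { processFileSafe(tmp); } catch (IllegalArgumentException e) {}
        System.out.println("safe version, readers still open: " + openHandles);
        Files.delete(tmp);
    }
}
```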
CVE ID | Title | CVSS | Severity | Published
(AI) marks a score or severity shown with the page's AI badge.
CVE-2026-3104 | Memory leak in code preparing DNSSEC proofs of non-existence — BIND 9 | 7.5 | High | 2026-03-25
CVE-2026-2261 | blocklistd(8) socket leak — FreeBSD | 7.5 (AI) | High (AI) | 2026-03-09
CVE-2026-20082 | Cisco Secure Firewall Adaptive Security Appliance security vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 8.6 | High | 2026-03-04
CVE-2026-2359 | Multer vulnerable to Denial of Service via resource exhaustion — multer | 7.5 | - | 2026-02-27
CVE-2025-14969 | Hibernate-reactive-core: hibernate reactive: denial of service due to connection leak on http client disconnect — Red Hat build of Quarkus 3.27.2 | 4.3 | Medium | 2026-01-26
CVE-2026-21874 | NiceGUI has Redis connection leak via tab storage causes service degradation — nicegui | 5.3 | Medium | 2026-01-08
CVE-2025-64734 | Gallagher T-Series Reader security vulnerability — T21 Reader | 2.4 | Low | 2025-11-18
CVE-2025-54983 | Health check port on ZCC allows tunnel bypass — Zscaler Client Connector | 5.2 | Medium | 2025-11-12
CVE-2025-62723 | FlashMQ does not release memory of queued QoS messages — FlashMQ | 4.3 | Medium | 2025-10-24
CVE-2025-36128 | IBM MQ denial of service — MQ | 7.5 | High | 2025-10-16
CVE-2025-61670 | Wasmtime has memory leak in C API with `externref` and `anyref` types — wasmtime | 7.5 (AI) | High (AI) | 2025-10-07
CVE-2025-30256 | Tenda AC6 security vulnerability — AC6 V5.0 | 8.6 | High | 2025-08-20
CVE-2023-32255 | Kernel: memory leak via ksmbd session setup request with unknown ntlmssp message type | 5.3 | Medium | 2025-08-02
CVE-2025-36071 | IBM Db2 denial of service — IBM Db2 | 6.5 | Medium | 2025-07-29
CVE-2025-44003 | Gallagher T-Series Reader security vulnerability — T-Series Readers | 4.3 | Medium | 2025-07-10
CVE-2025-3864 | Connection pool exhaustion in hackney — hackney | 4.3 (AI) | Medium (AI) | 2025-05-28
CVE-2025-22891 | BIG-IP PEM Vulnerability — BIG-IP | 7.5 | High | 2025-02-05
CVE-2024-52303 | aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method — aiohttp | 5.9 | - | 2024-11-18
CVE-2024-10396 | Fileserver crash and possible information leak on StoreACL/FetchACL — OpenAFS | 6.5 | Medium | 2024-11-14
CVE-2024-49769 | Waitress has a denial of service leading to high CPU usage/resource exhaustion — waitress | 7.5 | High | 2024-10-29
CVE-2024-20493 | Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance security vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 5.3 | Medium | 2024-10-23
CVE-2024-20481 | Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance security vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 5.8 | Medium | 2024-10-23
CVE-2024-41888 | Apache Answer: The link for resetting user password is not Single-Use — Apache Answer | 7.5 (AI) | High (AI) | 2024-08-09
CVE-2024-41890 | Apache Answer: The link to reset the user's password will remain valid after sending a new link — Apache Answer | 7.5 (AI) | High (AI) | 2024-08-09
CVE-2024-39562 | Junos OS Evolved: A high rate of SSH connections causes a Denial of Service — Junos OS Evolved | 7.5 | High | 2024-07-10
CVE-2024-28882 | OpenVPN security vulnerability — OpenVPN | - | - (AI) | 2024-07-08
CVE-2024-1300 | Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support | 5.4 | Medium | 2024-04-02
CVE-2024-22383 | Gallagher Controller 7000 security vulnerability — Controller 7000 | 6.2 | Medium | 2024-03-05
CVE-2024-21789 | BIG-IP ASM and Advanced WAF vulnerability — BIG-IP | 7.5 | High | 2024-02-14
CVE-2023-31274 | Missing Release of Resource after Effective Lifetime vulnerability in Aveva PI Server — PI Server | 5.3 | Medium | 2024-01-18

Vulnerabilities classified as CWE-772 (Missing Release of Resource after Effective Lifetime) represent 51 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.