Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-349W-CGP3-287R

Vulnerability from github – Published: 2022-09-22 00:00 – Updated: 2025-05-28 18:33
VLAI
Details

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-38178"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-21T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
  "id": "GHSA-349w-cgp3-287r",
  "modified": "2025-05-28T18:33:05Z",
  "published": "2022-09-22T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38178"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/docs/cve-2022-38178"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202210-25"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20221228-0009"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5235"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-35RF-7VHX-9PHR

Vulnerability from github – Published: 2022-06-24 00:00 – Updated: 2022-06-30 00:00
VLAI
Details

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-23T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.",
  "id": "GHSA-35rf-7vhx-9phr",
  "modified": "2022-06-30T00:00:34Z",
  "published": "2022-06-24T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33105"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/pull/10753"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/pull/10829"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/redis/redis/7.0.1/00-RELEASENOTES"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202209-17"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220729-0005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-36M3-C68M-7673

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53406"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:44Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time.  To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
  "id": "GHSA-36m3-c68m-7673",
  "modified": "2025-12-12T21:31:31Z",
  "published": "2025-09-18T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53406"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6236a6d2cdfb710bd8a82c4b179d0a034d0d99cb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/78d9586d8e728be1e360d3d0da7170c791d1d55e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7a038a681b7df78362d9fc7013e5395a694a9d3a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d48a7887dbca22e064c20caf20ae7949019fe9b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-36QF-2Q77-7JH9

Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-06-28 09:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

neigh: let neigh_xmit take skb ownership

neigh_xmit always releases the skb, except when no neighbour table is found. But even the first added user of neigh_xmit (mpls) relied on neigh_xmit to release the skb (or queue it for tx).

sashiko reported: If neigh_xmit() is called with an uninitialized neighbor table (for example, NEIGH_ND_TABLE when IPv6 is disabled), it returns -EAFNOSUPPORT and bypasses its internal out_kfree_skb error path. Because the return value of neigh_xmit() is ignored here, does this leak the SKB?

Assume full ownership and remove the last code path that doesn't xmit or free skb.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-52981"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-24T17:17:08Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nneigh: let neigh_xmit take skb ownership\n\nneigh_xmit always releases the skb, except when no neighbour table is\nfound. But even the first added user of neigh_xmit (mpls) relied on\nneigh_xmit to release the skb (or queue it for tx).\n\nsashiko reported:\n If neigh_xmit() is called with an uninitialized neighbor table (for\n example, NEIGH_ND_TABLE when IPv6 is disabled), it returns -EAFNOSUPPORT\n and bypasses its internal out_kfree_skb error path.  Because the return\n value of neigh_xmit() is ignored here, does this leak the SKB?\n\nAssume full ownership and remove the last code path that doesn\u0027t\nxmit or free skb.",
  "id": "GHSA-36qf-2q77-7jh9",
  "modified": "2026-06-28T09:31:37Z",
  "published": "2026-06-24T18:32:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52981"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0084712e0bee204b284510cdb63182fd5a30c2b7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4438113be604ee67a7bf4f81da6e1cca41332ce4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/445e45a2c3a078316a62d2d331a570cf34ef5079"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63063ba60d2dc334e34f1e3f9271d7f3f6f30307"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8a89054a1ec0767aec25ed2bbac933da6ba3cf5a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9247d59ca15bf60a57dca08103f055d8a4340877"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-36R9-GJ33-8P48

Vulnerability from github – Published: 2024-12-29 12:30 – Updated: 2025-01-08 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

apparmor: test: Fix memory leak for aa_unpack_strdup()

The string allocated by kmemdup() in aa_unpack_strdup() is not freed and cause following memory leaks, free them to fix it.

unreferenced object 0xffffff80c6af8a50 (size 8):
  comm "kunit_try_catch", pid 225, jiffies 4294894407
  hex dump (first 8 bytes):
    74 65 73 74 69 6e 67 00                          testing.
  backtrace (crc 5eab668b):
    [<0000000001e3714d>] kmemleak_alloc+0x34/0x40
    [<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0
    [<000000006870467c>] kmemdup_noprof+0x34/0x60
    [<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c
    [<000000008ecde918>] policy_unpack_test_unpack_strdup_with_null_name+0xf8/0x3ec
    [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
    [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
    [<00000000adf936cf>] kthread+0x2e8/0x374
    [<0000000041bb1628>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80c2a29090 (size 8):
  comm "kunit_try_catch", pid 227, jiffies 4294894409
  hex dump (first 8 bytes):
    74 65 73 74 69 6e 67 00                          testing.
  backtrace (crc 5eab668b):
    [<0000000001e3714d>] kmemleak_alloc+0x34/0x40
    [<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0
    [<000000006870467c>] kmemdup_noprof+0x34/0x60
    [<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c
    [<0000000046a45c1a>] policy_unpack_test_unpack_strdup_with_name+0xd0/0x3c4
    [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
    [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
    [<00000000adf936cf>] kthread+0x2e8/0x374
    [<0000000041bb1628>] ret_from_fork+0x10/0x20
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56741"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-29T12:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: test: Fix memory leak for aa_unpack_strdup()\n\nThe string allocated by kmemdup() in aa_unpack_strdup() is not\nfreed and cause following memory leaks, free them to fix it.\n\n\tunreferenced object 0xffffff80c6af8a50 (size 8):\n\t  comm \"kunit_try_catch\", pid 225, jiffies 4294894407\n\t  hex dump (first 8 bytes):\n\t    74 65 73 74 69 6e 67 00                          testing.\n\t  backtrace (crc 5eab668b):\n\t    [\u003c0000000001e3714d\u003e] kmemleak_alloc+0x34/0x40\n\t    [\u003c000000006e6c7776\u003e] __kmalloc_node_track_caller_noprof+0x300/0x3e0\n\t    [\u003c000000006870467c\u003e] kmemdup_noprof+0x34/0x60\n\t    [\u003c000000001176bb03\u003e] aa_unpack_strdup+0xd0/0x18c\n\t    [\u003c000000008ecde918\u003e] policy_unpack_test_unpack_strdup_with_null_name+0xf8/0x3ec\n\t    [\u003c0000000032ef8f77\u003e] kunit_try_run_case+0x13c/0x3ac\n\t    [\u003c00000000f3edea23\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t    [\u003c00000000adf936cf\u003e] kthread+0x2e8/0x374\n\t    [\u003c0000000041bb1628\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80c2a29090 (size 8):\n\t  comm \"kunit_try_catch\", pid 227, jiffies 4294894409\n\t  hex dump (first 8 bytes):\n\t    74 65 73 74 69 6e 67 00                          testing.\n\t  backtrace (crc 5eab668b):\n\t    [\u003c0000000001e3714d\u003e] kmemleak_alloc+0x34/0x40\n\t    [\u003c000000006e6c7776\u003e] __kmalloc_node_track_caller_noprof+0x300/0x3e0\n\t    [\u003c000000006870467c\u003e] kmemdup_noprof+0x34/0x60\n\t    [\u003c000000001176bb03\u003e] aa_unpack_strdup+0xd0/0x18c\n\t    [\u003c0000000046a45c1a\u003e] policy_unpack_test_unpack_strdup_with_name+0xd0/0x3c4\n\t    [\u003c0000000032ef8f77\u003e] kunit_try_run_case+0x13c/0x3ac\n\t    [\u003c00000000f3edea23\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t    [\u003c00000000adf936cf\u003e] kthread+0x2e8/0x374\n\t    [\u003c0000000041bb1628\u003e] ret_from_fork+0x10/0x20",
  "id": "GHSA-36r9-gj33-8p48",
  "modified": "2025-01-08T00:30:48Z",
  "published": "2024-12-29T12:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56741"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2a9b68f2dc6812bd1b8880b5c00e60203d6f61f6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5354599855a9b5568e05ce686119ee3ff8b19bd5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/59a149e7c38e7b76616c8b333fc6aa5b6fb2293c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7290f59231910ccba427d441a6e8b8c6f6112448"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/89265f88701e54dde255ddf862093baeca57548c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d62ee5739a66644b0e7f11e657d562458cdcdea3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f856246ff6da25c4f8fdd73a9c875e878b085e9f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-374J-38XH-4WR2

Vulnerability from github – Published: 2026-03-26 09:30 – Updated: 2026-03-26 15:30
VLAI
Details

When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf.

If an attacker is either on path with an established TCP connection, or can themselves establish a TCP connection, to an affected FreeBSD machine, they can easily craft and send packets which meet the challenge ACK criteria and cause the FreeBSD host to leak an mbuf for each crafted packet in excess of the configured rate limit settings i.e. with default settings, crafted packets in excess of the first 5 sent within a 1s period will leak an mbuf.

Technically, off-path attackers can also exploit this problem by guessing the IP addresses, TCP port numbers and in some cases the sequence numbers of established connections and spoofing packets towards a FreeBSD machine, but this is harder to do effectively.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-26T07:16:20Z",
    "severity": "HIGH"
  },
  "details": "When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in.  When no challenge ACK should be sent the function returns and leaks the mbuf.\n\nIf an attacker is either on path with an established TCP connection, or can themselves establish a TCP connection, to an affected FreeBSD machine, they can easily craft and send packets which meet the challenge ACK criteria and cause the FreeBSD host to leak an mbuf for each crafted packet in excess of the configured rate limit settings i.e. with default settings, crafted packets in excess of the first 5 sent within a 1s period will leak an mbuf.\n\nTechnically, off-path attackers can also exploit this problem by guessing the IP addresses, TCP port numbers and in some cases the sequence numbers of established connections and spoofing packets towards a FreeBSD machine, but this is harder to do effectively.",
  "id": "GHSA-374j-38xh-4wr2",
  "modified": "2026-03-26T15:30:36Z",
  "published": "2026-03-26T09:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4247"
    },
    {
      "type": "WEB",
      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:06.tcp.asc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-377P-XR9W-8773

Vulnerability from github – Published: 2026-07-10 15:31 – Updated: 2026-07-10 15:31
VLAI
Details

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56366"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-10T15:16:43Z",
    "severity": "MODERATE"
  },
  "details": "ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.",
  "id": "GHSA-377p-xr9w-8773",
  "modified": "2026-07-10T15:31:40Z",
  "published": "2026-07-10T15:31:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9r56-3gjq-hqf7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56366"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-meta-reader-app1jpeg-error-path"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-378Q-GQ6Q-WJHH

Vulnerability from github – Published: 2022-11-01 12:00 – Updated: 2022-11-02 12:00
VLAI
Details

timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43151"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-31T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc.",
  "id": "GHSA-378q-gq6q-wjhh",
  "modified": "2022-11-02T12:00:37Z",
  "published": "2022-11-01T12:00:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43151"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hzeller/timg/issues/92"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3797-G9F6-3QF2

Vulnerability from github – Published: 2023-04-14 00:31 – Updated: 2024-04-04 03:27
VLAI
Details

Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-30637"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-13T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected.",
  "id": "GHSA-3797-g9f6-3qf2",
  "modified": "2024-04-04T03:27:31Z",
  "published": "2023-04-14T00:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30637"
    },
    {
      "type": "WEB",
      "url": "https://github.com/baidu/braft/issues/393"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-37HW-M3RC-6WW4

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2024-03-21 03:33
VLAI
Details

A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-18T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a.",
  "id": "GHSA-37hw-m3rc-6ww4",
  "modified": "2024-03-21T03:33:48Z",
  "published": "2022-05-24T17:01:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19049"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/e13de8fe0d6a51341671bbe384826d527afe8d44"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157173"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.