CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-3XRX-73H3-J99C
Vulnerability from github – Published: 2024-05-20 12:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent subvolume's fs tree, which cannot be mediated in the normal way via start_transaction. When quota groups (squota or qgroups) are enabled, this reserves qgroup metadata of type PREALLOC. Once the operation is associated to a transaction, we convert PREALLOC to PERTRANS, which gets cleared in bulk at the end of the transaction.
However, the error paths of these three operations were not implementing this lifecycle correctly. They unconditionally converted the PREALLOC to PERTRANS in a generic cleanup step regardless of errors or whether the operation was fully associated to a transaction or not. This resulted in error paths occasionally converting this rsv to PERTRANS without calling record_root_in_trans successfully, which meant that unless that root got recorded in the transaction by some other thread, the end of the transaction would not free that root's PERTRANS, leaking it. Ultimately, this resulted in hitting a WARN in CONFIG_BTRFS_DEBUG builds at unmount for the leaked reservation.
The fix is to ensure that every qgroup PREALLOC reservation observes the following properties:
- any failure before record_root_in_trans is called successfully results in freeing the PREALLOC reservation.
- after record_root_in_trans, we convert to PERTRANS, and now the transaction owns freeing the reservation.
This patch enforces those properties on the three operations. Without it, generic/269 with squotas enabled at mkfs time would fail in ~5-10 runs on my system. With this patch, it ran successfully 1000 times in a row.
{
"affected": [],
"aliases": [
"CVE-2024-35956"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-20T10:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations\n\nCreate subvolume, create snapshot and delete subvolume all use\nbtrfs_subvolume_reserve_metadata() to reserve metadata for the changes\ndone to the parent subvolume\u0027s fs tree, which cannot be mediated in the\nnormal way via start_transaction. When quota groups (squota or qgroups)\nare enabled, this reserves qgroup metadata of type PREALLOC. Once the\noperation is associated to a transaction, we convert PREALLOC to\nPERTRANS, which gets cleared in bulk at the end of the transaction.\n\nHowever, the error paths of these three operations were not implementing\nthis lifecycle correctly. They unconditionally converted the PREALLOC to\nPERTRANS in a generic cleanup step regardless of errors or whether the\noperation was fully associated to a transaction or not. This resulted in\nerror paths occasionally converting this rsv to PERTRANS without calling\nrecord_root_in_trans successfully, which meant that unless that root got\nrecorded in the transaction by some other thread, the end of the\ntransaction would not free that root\u0027s PERTRANS, leaking it. Ultimately,\nthis resulted in hitting a WARN in CONFIG_BTRFS_DEBUG builds at unmount\nfor the leaked reservation.\n\nThe fix is to ensure that every qgroup PREALLOC reservation observes the\nfollowing properties:\n\n1. any failure before record_root_in_trans is called successfully\n results in freeing the PREALLOC reservation.\n2. after record_root_in_trans, we convert to PERTRANS, and now the\n transaction owns freeing the reservation.\n\nThis patch enforces those properties on the three operations. Without\nit, generic/269 with squotas enabled at mkfs time would fail in ~5-10\nruns on my system. With this patch, it ran successfully 1000 times in a\nrow.",
"id": "GHSA-3xrx-73h3-j99c",
"modified": "2025-11-03T21:31:05Z",
"published": "2024-05-20T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35956"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14431815a4ae4bcd7c7a68b6a64c66c7712d27c9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6c95336f5d8eb9ab79cd7306d71b6d0477363f8c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74e97958121aa1f5854da6effba70143f051b0cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/945559be6e282a812dc48f7bcd5adc60901ea4a0"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-427X-59VX-VJWQ
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-12 21:31In the Linux kernel, the following vulnerability has been resolved:
ubifs: Fix memory leak in do_rename
If renaming a file in an encrypted directory, function fscrypt_setup_filename allocates memory for a file name. This name is never used, and before returning to the caller the memory for it is not freed.
When running kmemleak on it we see that it is registered as a leak. The report below is triggered by a simple program 'rename' that renames a file in an encrypted directory:
unreferenced object 0xffff888101502840 (size 32): comm "rename", pid 9404, jiffies 4302582475 (age 435.735s) backtrace: __kmem_cache_alloc_node __kmalloc fscrypt_setup_filename do_rename ubifs_rename vfs_rename do_renameat2
To fix this we can remove the call to fscrypt_setup_filename as it's not needed.
{
"affected": [],
"aliases": [
"CVE-2023-53396"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:42Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix memory leak in do_rename\n\nIf renaming a file in an encrypted directory, function\nfscrypt_setup_filename allocates memory for a file name. This name is\nnever used, and before returning to the caller the memory for it is not\nfreed.\n\nWhen running kmemleak on it we see that it is registered as a leak. The\nreport below is triggered by a simple program \u0027rename\u0027 that renames a\nfile in an encrypted directory:\n\n unreferenced object 0xffff888101502840 (size 32):\n comm \"rename\", pid 9404, jiffies 4302582475 (age 435.735s)\n backtrace:\n __kmem_cache_alloc_node\n __kmalloc\n fscrypt_setup_filename\n do_rename\n ubifs_rename\n vfs_rename\n do_renameat2\n\nTo fix this we can remove the call to fscrypt_setup_filename as it\u0027s not\nneeded.",
"id": "GHSA-427x-59vx-vjwq",
"modified": "2025-12-12T21:31:31Z",
"published": "2025-09-18T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53396"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3a36d20e012903f45714df2731261fdefac900cb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43b2f7d690697182beed6f71aa57b7249d3cfc9c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/517ddc0259d7a7231486bdafde8035c478bc4088"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7e264f67b7d6580eff5c2696961039fd05c69258"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f565752b328fe53c9e42b7d4e4d89a1da63d738"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-42GH-8G4F-4X6C
Vulnerability from github – Published: 2024-02-28 09:30 – Updated: 2024-12-09 21:31In the Linux kernel, the following vulnerability has been resolved:
crypto: sun8i-ss - Fix memory leak of pad
It appears there are several failure return paths that don't seem to be free'ing pad. Fix these.
Addresses-Coverity: ("Resource leak")
{
"affected": [],
"aliases": [
"CVE-2021-47053"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-28T09:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ss - Fix memory leak of pad\n\nIt appears there are several failure return paths that don\u0027t seem\nto be free\u0027ing pad. Fix these.\n\nAddresses-Coverity: (\"Resource leak\")",
"id": "GHSA-42gh-8g4f-4x6c",
"modified": "2024-12-09T21:31:00Z",
"published": "2024-02-28T09:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47053"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2c67a9333da9d0a3b87310e0d116b7c9070c7b00"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50274b01ac1689b1a3f6bc4b5b3dbf361a55dd3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c633e025bd04f54d7b33331cfcdb71354b08ce59"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d3d702084d125689edb2b9395c707e09b471352e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-42MF-MH48-7GJJ
Vulnerability from github – Published: 2026-07-15 12:32 – Updated: 2026-07-15 12:32ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service.
{
"affected": [],
"aliases": [
"CVE-2026-61871"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-15T12:18:22Z",
"severity": "MODERATE"
},
"details": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service.",
"id": "GHSA-42mf-mh48-7gjj",
"modified": "2026-07-15T12:32:05Z",
"published": "2026-07-15T12:32:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h58x-r7f7-rh84"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-61871"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-icon-decoder"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-42P2-4VV3-9QV4
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
{
"affected": [],
"aliases": [
"CVE-2020-35679"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-24T16:15:00Z",
"severity": "HIGH"
},
"details": "smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a \"very significant\" memory leak via messages to an instance that performs many regex lookups.",
"id": "GHSA-42p2-4vv3-9qv4",
"modified": "2022-05-24T17:37:16Z",
"published": "2022-05-24T17:37:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35679"
},
{
"type": "WEB",
"url": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC"
},
{
"type": "WEB",
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202105-12"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-42P8-RV8P-8H4J
Vulnerability from github – Published: 2026-03-27 00:31 – Updated: 2026-03-27 00:31A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it.
{
"affected": [],
"aliases": [
"CVE-2026-3650"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-26T22:16:31Z",
"severity": "HIGH"
},
"details": "A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it.",
"id": "GHSA-42p8-rv8p-8h4j",
"modified": "2026-03-27T00:31:21Z",
"published": "2026-03-27T00:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3650"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-083-01.json"
},
{
"type": "WEB",
"url": "https://sourceforge.net/projects/gdcm"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-083-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-42RG-42XM-FX4V
Vulnerability from github – Published: 2026-06-16 15:33 – Updated: 2026-06-16 15:33A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover.
{
"affected": [],
"aliases": [
"CVE-2026-0646"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-16T15:16:33Z",
"severity": "HIGH"
},
"details": "A denial-of-service security issue exists within the 1794-AENTR adapter due to improper\u00a0memory handling\u00a0of CIP protocol requests. This\u00a0vulnerability\u00a0can result in the\u00a0adapter\u00a0faulting and losing connection to\u00a0its\u00a0associated I/O modules, requiring a manual reset to recover.",
"id": "GHSA-42rg-42xm-fx4v",
"modified": "2026-06-16T15:33:51Z",
"published": "2026-06-16T15:33:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0646"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1775.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-432X-CPJH-37F7
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.
{
"affected": [],
"aliases": [
"CVE-2021-20215"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-25T19:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.",
"id": "GHSA-432x-cpjh-37f7",
"modified": "2022-05-24T17:45:22Z",
"published": "2022-05-24T17:45:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20215"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"type": "WEB",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-433R-F7HR-HVFV
Vulnerability from github – Published: 2022-05-01 02:15 – Updated: 2022-05-01 02:15The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).
{
"affected": [],
"aliases": [
"CVE-2005-3181"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-10-12T13:04:00Z",
"severity": "LOW"
},
"details": "The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).",
"id": "GHSA-433r-f7hr-hvfv",
"modified": "2022-05-01T02:15:22Z",
"published": "2022-05-01T02:15:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3181"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9467"
},
{
"type": "WEB",
"url": "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=829841146878e082613a49581ae252c071057c23"
},
{
"type": "WEB",
"url": "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=829841146878e082613a49581ae252c071057c23"
},
{
"type": "WEB",
"url": "http://linux.bkbits.net:8080/linux-2.6/cset%404346883bQBeBd26syWTKX2CVC5bDcA"
},
{
"type": "WEB",
"url": "http://linux.bkbits.net:8080/linux-2.6/cset@4346883bQBeBd26syWTKX2CVC5bDcA"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17114"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17280"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17364"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17826"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17917"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19374"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2006/dsa-1017"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:235"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-808.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/advisories/9549"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/advisories/9806"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/15076"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-199-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4346-23FM-8JV5
Vulnerability from github – Published: 2025-02-20 18:31 – Updated: 2025-02-24 18:32A memory leak has been identified in the readSizedString function in util/read.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2025-26306"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-20T17:15:12Z",
"severity": "MODERATE"
},
"details": "A memory leak has been identified in the readSizedString function in util/read.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted file.",
"id": "GHSA-4346-23fm-8jv5",
"modified": "2025-02-24T18:32:41Z",
"published": "2025-02-20T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26306"
},
{
"type": "WEB",
"url": "https://github.com/libming/libming/issues/324"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.