CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-4M7P-8MQ4-H9JM
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: Add the missed acpi_put_table() to fix memory leak
When the radeon driver reads the bios information from ACPI table in radeon_acpi_vfct_bios(), it misses to call acpi_put_table() to release the ACPI memory after the init, so add acpi_put_table() properly to fix the memory leak.
v2: fix text formatting (Alex)
{
"affected": [],
"aliases": [
"CVE-2022-50275"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: Add the missed acpi_put_table() to fix memory leak\n\nWhen the radeon driver reads the bios information from ACPI\ntable in radeon_acpi_vfct_bios(), it misses to call acpi_put_table()\nto release the ACPI memory after the init, so add acpi_put_table()\nproperly to fix the memory leak.\n\nv2: fix text formatting (Alex)",
"id": "GHSA-4m7p-8mq4-h9jm",
"modified": "2025-12-03T21:30:58Z",
"published": "2025-09-15T15:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50275"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10276a20be1115e1f76c189330da2992df980eee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4539e3211a9bd2418e76797718a4e60a7ae34fcf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4760fa67aff6bd8ef0b14c1fa04c295e734c7309"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50113de0f1e913c0b733e21d3e61fe9c0f2e9d50"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d25bc63708145c10f9c099d5c005602a7f2ef5f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9e203e437310f61fdf3c1107f41f85864cf4f6b1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a0f26560be2c566b62331cb0eeffa52929aa4d44"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4b30f56ec512e2c35fc0761bc90b0e519d8fa6e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4MF7-92W2-GVPW
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
{
"affected": [],
"aliases": [
"CVE-2020-22049"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-02T16:15:00Z",
"severity": "MODERATE"
},
"details": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.",
"id": "GHSA-4mf7-92w2-gvpw",
"modified": "2022-05-24T19:03:52Z",
"published": "2022-05-24T19:03:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22049"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/8314"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4990"
},
{
"type": "WEB",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=373c1c9b691fd4c6831b3a114a006b639304c2af"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4MGG-FQFQ-64HG
Vulnerability from github – Published: 2024-07-19 09:32 – Updated: 2024-11-18 16:26In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cxf:cxf-rt-transports-http"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cxf:cxf-rt-transports-http"
},
"ranges": [
{
"events": [
{
"introduced": "3.6.0"
},
{
"fixed": "3.6.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-41172"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-19T18:34:56Z",
"nvd_published_at": "2024-07-19T09:15:05Z",
"severity": "MODERATE"
},
"details": "In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory\n",
"id": "GHSA-4mgg-fqfq-64hg",
"modified": "2024-11-18T16:26:53Z",
"published": "2024-07-19T09:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41172"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/cxf"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache CXF allows unrestricted memory consumption in CXF HTTP clients"
}
GHSA-4MJ3-QM89-4QGH
Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-05-24 17:06Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore), or the device hanging and requiring a power cycle to restore service, creating a Denial of Service (DoS) condition. During the time where mbufs are rising, yet not fully filled, some traffic from client devices may begin to be black holed. To be black holed, this traffic must match the condition where this traffic must be processed by the RE. Continued receipt and attempted egress of these specific IPv6 packets from the Routing Engine (RE) will create an extended Denial of Service (DoS) condition. Scenarios which have been observed are: 1. In a single chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario the device needs to be power cycled. 2. In a single chassis, dual RE scenario, the device master RE will fail over to the backup RE. In this scenario, the master and the backup REs need to be reset from time to time when they vmcore. There is no need to power cycle the device. 3. In a dual chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario, the two chassis' design relies upon some type of network level redundancy - VRRP, GRES, NSR, etc. - 3.a In a commanded switchover, where nonstop active routing (NSR) is enabled no session loss is observed. 4. In a dual chassis, dual chassis scenario, rely upon the RE to RE failover as stated in the second scenario. In the unlikely event that the device does not switch RE to RE gracefully, then the fallback position is to the network level services scenario in the third scenario. This issue affects: Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S6; 16.1 version 16.1X70-D10 and later; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D50, 18.2X75-D410; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect releases prior to Junos OS 16.1R1.
{
"affected": [],
"aliases": [
"CVE-2020-1603"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-15T09:15:00Z",
"severity": "HIGH"
},
"details": "Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore), or the device hanging and requiring a power cycle to restore service, creating a Denial of Service (DoS) condition. During the time where mbufs are rising, yet not fully filled, some traffic from client devices may begin to be black holed. To be black holed, this traffic must match the condition where this traffic must be processed by the RE. Continued receipt and attempted egress of these specific IPv6 packets from the Routing Engine (RE) will create an extended Denial of Service (DoS) condition. Scenarios which have been observed are: 1. In a single chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario the device needs to be power cycled. 2. In a single chassis, dual RE scenario, the device master RE will fail over to the backup RE. In this scenario, the master and the backup REs need to be reset from time to time when they vmcore. There is no need to power cycle the device. 3. In a dual chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario, the two chassis\u0027 design relies upon some type of network level redundancy - VRRP, GRES, NSR, etc. - 3.a In a commanded switchover, where nonstop active routing (NSR) is enabled no session loss is observed. 4. In a dual chassis, dual chassis scenario, rely upon the RE to RE failover as stated in the second scenario. In the unlikely event that the device does not switch RE to RE gracefully, then the fallback position is to the network level services scenario in the third scenario. This issue affects: Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S6; 16.1 version 16.1X70-D10 and later; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D50, 18.2X75-D410; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect releases prior to Junos OS 16.1R1.",
"id": "GHSA-4mj3-qm89-4qgh",
"modified": "2022-05-24T17:06:21Z",
"published": "2022-05-24T17:06:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1603"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA10982"
},
{
"type": "WEB",
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1443576"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4MMV-85V4-Q6HM
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.
{
"affected": [],
"aliases": [
"CVE-2021-26111"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-01T20:15:00Z",
"severity": "MODERATE"
},
"details": "A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.",
"id": "GHSA-4mmv-85v4-q6hm",
"modified": "2022-05-24T19:03:41Z",
"published": "2022-05-24T19:03:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26111"
},
{
"type": "WEB",
"url": "https://fortiguard.com/advisory/FG-IR-21-026"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4MX2-9F8M-CPMR
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-24 18:32In the Linux kernel, the following vulnerability has been resolved:
mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()
The function mtd_parser_tplink_safeloader_parse() allocates buf via mtd_parser_tplink_safeloader_read_table(). If the allocation for parts[idx].name fails inside the loop, the code jumps to the err_free label without freeing buf, leading to a memory leak.
Fix this by freeing the temporary buffer buf in the err_free label.
Compile tested only. Issue found using a prototype static analysis tool and code review.
{
"affected": [],
"aliases": [
"CVE-2026-45921"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()\n\nThe function mtd_parser_tplink_safeloader_parse() allocates buf via\nmtd_parser_tplink_safeloader_read_table(). If the allocation for\nparts[idx].name fails inside the loop, the code jumps to the err_free\nlabel without freeing buf, leading to a memory leak.\n\nFix this by freeing the temporary buffer buf in the err_free label.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review.",
"id": "GHSA-4mx2-9f8m-cpmr",
"modified": "2026-06-24T18:32:28Z",
"published": "2026-05-27T15:33:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45921"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0f5e62ea5c43146eacdc6861cb1022ffae1b79bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/971e9c53aed82f17a9c6a65daa4e21cc15eba5b1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/980ce2b02dd06a4fdf5fee38b2e14becf9cf7b8b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e97f5fac8ce9a6b9ec724c97d86b0985e915fdca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec121ad626c319085f6d40a52cd04e99b4554926"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4P4Q-6835-5W79
Vulnerability from github – Published: 2025-11-05 15:31 – Updated: 2025-11-05 17:48A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-46784"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-05T15:15:39Z",
"severity": "CRITICAL"
},
"details": "A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr\u0026#39;ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.",
"id": "GHSA-4p4q-6835-5w79",
"modified": "2025-11-05T17:48:28Z",
"published": "2025-11-05T15:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46784"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2195"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2195"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4P9W-PPGQ-RM99
Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2024-08-21 18:31In the Linux kernel, the following vulnerability has been resolved:
cpufreq: amd-pstate: fix memory leak on CPU EPP exit
The cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is not freed in the analogous exit function, so fix that.
[ rjw: Subject and changelog edits ]
{
"affected": [],
"aliases": [
"CVE-2024-40997"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-12T13:15:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix memory leak on CPU EPP exit\n\nThe cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is\nnot freed in the analogous exit function, so fix that.\n\n[ rjw: Subject and changelog edits ]",
"id": "GHSA-4p9w-ppgq-rm99",
"modified": "2024-08-21T18:31:26Z",
"published": "2024-07-12T15:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40997"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/448efb7ea0bfa2c4e27c5a2eb5684fd225cd12cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8015c17fe11a8608cc3eb83d0ab831e1845a9582"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cea04f3d9aeebda9d9c063c0dfa71e739c322c81"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4PMQ-325H-RX32
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31In the Linux kernel, the following vulnerability has been resolved:
ibmvnic: Free rwi on reset success
Free the rwi structure in the event that the last rwi in the list processed successfully. The logic in commit 4f408e1fa6e1 ("ibmvnic: retry reset if there are no other resets") introduces an issue that results in a 32 byte memory leak whenever the last rwi in the list gets processed.
{
"affected": [],
"aliases": [
"CVE-2022-49906"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Free rwi on reset success\n\nFree the rwi structure in the event that the last rwi in the list\nprocessed successfully. The logic in commit 4f408e1fa6e1 (\"ibmvnic:\nretry reset if there are no other resets\") introduces an issue that\nresults in a 32 byte memory leak whenever the last rwi in the list\ngets processed.",
"id": "GHSA-4pmq-325h-rx32",
"modified": "2025-05-07T15:31:26Z",
"published": "2025-05-01T15:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49906"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/535b78739ae75f257c894a05b1afa86ad9a3669e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3543a287cfba9105dcc4bb41eb817f51266caaf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d6dd2fe71153f0ff748bf188bd4af076fe09a0a6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4PV3-63JW-4JW2
Vulnerability from github – Published: 2021-05-07 15:53 – Updated: 2022-10-07 20:41A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.24"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tika:tika"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-9489"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-05T22:53:02Z",
"nvd_published_at": "2020-04-27T14:15:00Z",
"severity": "MODERATE"
},
"details": "A carefully crafted or corrupt file may trigger a System.exit in Tika\u0027s OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika\u0027s ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.",
"id": "GHSA-4pv3-63jw-4jw2",
"modified": "2022-10-07T20:41:22Z",
"published": "2021-05-07T15:53:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9489"
},
{
"type": "WEB",
"url": "https://github.com/apache/tika/commit/0f4d5de0f85455e91433fb0b464ea0461d7c891d"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tika"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/TIKA-3081"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4d943777e36ca3aa6305a45da5acccc54ad894f2d5a07186cfa2442c%40%3Cdev.tika.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Missing Release of Memory after Effective Lifetime in Apache Tika"
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.