CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-5599-VJ49-3FH3
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-23 21:31In the Linux kernel, the following vulnerability has been resolved:
pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config()
In pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns directly. This bypasses the cleanup logic and results in a memory leak of the cfg buffer.
Fix this by jumping to the out label on failure, ensuring kfree(cfg) is called before returning.
{
"affected": [],
"aliases": [
"CVE-2026-23337"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config()\n\nIn pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns\ndirectly. This bypasses the cleanup logic and results in a memory leak of\nthe cfg buffer.\n\nFix this by jumping to the out label on failure, ensuring kfree(cfg) is\ncalled before returning.",
"id": "GHSA-5599-vj49-3fh3",
"modified": "2026-04-23T21:31:17Z",
"published": "2026-03-25T12:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23337"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/63ee429780a5d43b5b4406c6128109b0f47cf2f1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a648d598cb8e8c62af3f0e020a25820a3f3a9a7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-55C4-H3Q7-F6WP
Vulnerability from github – Published: 2024-04-10 18:30 – Updated: 2024-04-10 18:30A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.
{
"affected": [],
"aliases": [
"CVE-2024-3382"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T17:15:56Z",
"severity": "HIGH"
},
"details": "A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.",
"id": "GHSA-55c4-h3q7-f6wp",
"modified": "2024-04-10T18:30:48Z",
"published": "2024-04-10T18:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3382"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2024-3382"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-55MR-J6CQ-W4R9
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2023-02-23 15:33ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
{
"affected": [],
"aliases": [
"CVE-2019-13311"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-05T01:15:00Z",
"severity": "MODERATE"
},
"details": "ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.",
"id": "GHSA-55mr-j6cq-w4r9",
"modified": "2023-02-23T15:33:06Z",
"published": "2022-05-24T16:49:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13311"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1623"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/4a334bbf5584de37c6f5a47c380a531c8c4b140a"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4192-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4712"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-563M-XR38-7C3J
Vulnerability from github – Published: 2024-03-25 09:32 – Updated: 2024-10-31 18:31In the Linux kernel, the following vulnerability has been resolved:
ptp: ocp: Fix a resource leak in an error handling path
If an error occurs after a successful 'pci_ioremap_bar()' call, it must be undone by a corresponding 'pci_iounmap()' call, as already done in the remove function.
{
"affected": [],
"aliases": [
"CVE-2021-47147"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-25T09:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: ocp: Fix a resource leak in an error handling path\n\nIf an error occurs after a successful \u0027pci_ioremap_bar()\u0027 call, it must be\nundone by a corresponding \u0027pci_iounmap()\u0027 call, as already done in the\nremove function.",
"id": "GHSA-563m-xr38-7c3j",
"modified": "2024-10-31T18:31:15Z",
"published": "2024-03-25T09:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47147"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0e38e702f1152479e6afac34f151dbfd99417f99"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c1bb37f8cad5e2ee1933fa1da9a6baa7876a8e4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-56CR-F967-877P
Vulnerability from github – Published: 2022-03-29 00:01 – Updated: 2022-04-06 00:02In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.
{
"affected": [],
"aliases": [
"CVE-2022-27950"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-28T04:15:00Z",
"severity": "MODERATE"
},
"details": "In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.",
"id": "GHSA-56cr-f967-877p",
"modified": "2022-04-06T00:02:12Z",
"published": "2022-03-29T00:01:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27950"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/817b8b9c5396d2b2d92311b46719aad5d3339dbe"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=817b8b9c5396d2b2d92311b46719aad5d3339dbe"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2022/03/13/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-56Q3-8QV6-8RGP
Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
{
"affected": [],
"aliases": [
"CVE-2019-6128"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-11T05:29:00Z",
"severity": "HIGH"
},
"details": "The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.",
"id": "GHSA-56q3-8qv6-8rgp",
"modified": "2022-05-13T01:22:35Z",
"published": "2022-05-13T01:22:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6128"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Nov/5"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-25"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3906-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3906-2"
},
{
"type": "WEB",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2836"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-57M4-X9JR-6J53
Vulnerability from github – Published: 2024-08-21 09:31 – Updated: 2024-09-12 15:32In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: add hash if ready poll request can't complete inline
If we don't, then we may lose access to it completely, leading to a request leak. This will eventually stall the ring exit process as well.
{
"affected": [],
"aliases": [
"CVE-2023-52914"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-21T07:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/poll: add hash if ready poll request can\u0027t complete inline\n\nIf we don\u0027t, then we may lose access to it completely, leading to a\nrequest leak. This will eventually stall the ring exit process as\nwell.",
"id": "GHSA-57m4-x9jr-6j53",
"modified": "2024-09-12T15:32:59Z",
"published": "2024-08-21T09:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52914"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4ad6c063541665c407d17e1faf2fe4f04e947dcc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/febb985c06cb6f5fac63598c0bffd4fd823d110d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-57R8-MCJ9-Q86M
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2025-04-11 03:39The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
{
"affected": [],
"aliases": [
"CVE-2010-2942"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-09-21T18:00:00Z",
"severity": "MODERATE"
},
"details": "The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.",
"id": "GHSA-57r8-mcj9-q86m",
"modified": "2025-04-11T03:39:12Z",
"published": "2022-05-13T01:23:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2942"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2010:0723"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2010:0771"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2010:0779"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2010-2942"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=624903"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=1c40be12f7d8ca1d387510d39787b12e512a7ce8"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"type": "WEB",
"url": "http://patchwork.ozlabs.org/patch/61857"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41512"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/46397"
},
{
"type": "WEB",
"url": "http://support.avaya.com/css/P8/documents/100113326"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/08/18/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/08/19/4"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0771.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/42529"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/2430"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0298"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-585P-9MG2-6VMM
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: Fix a memory leak in hang state error path
When vc4_save_hang_state() encounters an early return condition, it
returns without freeing the previously allocated kernel_state,
leaking memory.
Add the missing kfree() calls by consolidating the early return paths into a single place.
{
"affected": [],
"aliases": [
"CVE-2026-43104"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T10:16:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Fix a memory leak in hang state error path\n\nWhen vc4_save_hang_state() encounters an early return condition, it\nreturns without freeing the previously allocated `kernel_state`,\nleaking memory.\n\nAdd the missing kfree() calls by consolidating the early return paths\ninto a single place.",
"id": "GHSA-585p-9mg2-6vmm",
"modified": "2026-06-01T18:31:30Z",
"published": "2026-05-06T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43104"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/259e2bba3fd7005c62cbd42365a48b3221b244e3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3eb7dd55021d0f4308fbea0bea21d2118984d8e7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9487daa18e627ac6b5ed5911be79f23362554b70"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9525d169e5fd481538cf8c663cc5839e54f2e481"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c197def3834cbee3fd824ce4c57d08cb24e18955"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d8fdd6adc07b78ad3e9ee0004876d90cb59ca941"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd5c49787a32da96a2b154427eb17cbf12a83c28"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e352e9adc9f6df54d63150ff832f71c04e30744b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5886-R5HR-C2V4
Vulnerability from github – Published: 2025-04-09 21:31 – Updated: 2025-04-09 21:31A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series
allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
On all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic.
A jbuf memory leak can be noticed from the following logs:
(.) Warning: jbuf pool id <#> utilization level (%) is above %!
To recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs.
This issue affects Junos OS on SRX Series:
- all versions before 21.2R3-S9,
- 21.4 versions before 21.4R3-S10,
- 22.2 versions before 22.2R3-S6,
- 22.4 versions before 22.4R3-S6,
- 23.2 versions before 23.2R2-S3,
- 23.4 versions before 23.4R2-S3,
- 24.2 versions before 24.2R2.
{
"affected": [],
"aliases": [
"CVE-2025-30658"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-09T20:15:29Z",
"severity": "HIGH"
},
"details": "A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series \n\nallows an unauthenticated, network-based attacker\u00a0to cause a Denial-of-Service (DoS).\n\nOn all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic.\n\nA jbuf memory leak can be noticed from the following logs:\n\n(\u003cnode\u003e.)\u003cfpc\u003e Warning: jbuf pool id \u003c#\u003e utilization level (\u003ccurrent level\u003e%) is above \u003cthreshold\u003e%!\n\nTo recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs.\n\n\n\n\nThis issue affects Junos OS on SRX Series:\u00a0\n\n * all versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S10,\n * 22.2 versions before 22.2R3-S6,\n * 22.4 versions before 22.4R3-S6,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S3,\n * 24.2 versions before 24.2R2.",
"id": "GHSA-5886-r5hr-c2v4",
"modified": "2025-04-09T21:31:44Z",
"published": "2025-04-09T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30658"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA96469"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.