Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-5599-VJ49-3FH3

Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-23 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config()

In pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns directly. This bypasses the cleanup logic and results in a memory leak of the cfg buffer.

Fix this by jumping to the out label on failure, ensuring kfree(cfg) is called before returning.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23337"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T11:16:31Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config()\n\nIn pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns\ndirectly. This bypasses the cleanup logic and results in a memory leak of\nthe cfg buffer.\n\nFix this by jumping to the out label on failure, ensuring kfree(cfg) is\ncalled before returning.",
  "id": "GHSA-5599-vj49-3fh3",
  "modified": "2026-04-23T21:31:17Z",
  "published": "2026-03-25T12:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23337"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63ee429780a5d43b5b4406c6128109b0f47cf2f1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7a648d598cb8e8c62af3f0e020a25820a3f3a9a7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55C4-H3Q7-F6WP

Vulnerability from github – Published: 2024-04-10 18:30 – Updated: 2024-04-10 18:30
VLAI
Details

A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T17:15:56Z",
    "severity": "HIGH"
  },
  "details": "A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.",
  "id": "GHSA-55c4-h3q7-f6wp",
  "modified": "2024-04-10T18:30:48Z",
  "published": "2024-04-10T18:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3382"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2024-3382"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55MR-J6CQ-W4R9

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2023-02-23 15:33
VLAI
Details

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13311"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-05T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.",
  "id": "GHSA-55mr-j6cq-w4r9",
  "modified": "2023-02-23T15:33:06Z",
  "published": "2022-05-24T16:49:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13311"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/1623"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/4a334bbf5584de37c6f5a47c380a531c8c4b140a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4192-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4712"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-563M-XR38-7C3J

Vulnerability from github – Published: 2024-03-25 09:32 – Updated: 2024-10-31 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ptp: ocp: Fix a resource leak in an error handling path

If an error occurs after a successful 'pci_ioremap_bar()' call, it must be undone by a corresponding 'pci_iounmap()' call, as already done in the remove function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47147"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-25T09:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: ocp: Fix a resource leak in an error handling path\n\nIf an error occurs after a successful \u0027pci_ioremap_bar()\u0027 call, it must be\nundone by a corresponding \u0027pci_iounmap()\u0027 call, as already done in the\nremove function.",
  "id": "GHSA-563m-xr38-7c3j",
  "modified": "2024-10-31T18:31:15Z",
  "published": "2024-03-25T09:32:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47147"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e38e702f1152479e6afac34f151dbfd99417f99"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c1bb37f8cad5e2ee1933fa1da9a6baa7876a8e4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-56CR-F967-877P

Vulnerability from github – Published: 2022-03-29 00:01 – Updated: 2022-04-06 00:02
VLAI
Details

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27950"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-28T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.",
  "id": "GHSA-56cr-f967-877p",
  "modified": "2022-04-06T00:02:12Z",
  "published": "2022-03-29T00:01:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27950"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/817b8b9c5396d2b2d92311b46719aad5d3339dbe"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=817b8b9c5396d2b2d92311b46719aad5d3339dbe"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2022/03/13/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-56Q3-8QV6-8RGP

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6128"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-11T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.",
  "id": "GHSA-56q3-8qv6-8rgp",
  "modified": "2022-05-13T01:22:35Z",
  "published": "2022-05-13T01:22:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6128"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Nov/5"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-25"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3906-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3906-2"
    },
    {
      "type": "WEB",
      "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2836"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-57M4-X9JR-6J53

Vulnerability from github – Published: 2024-08-21 09:31 – Updated: 2024-09-12 15:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring/poll: add hash if ready poll request can't complete inline

If we don't, then we may lose access to it completely, leading to a request leak. This will eventually stall the ring exit process as well.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52914"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-21T07:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/poll: add hash if ready poll request can\u0027t complete inline\n\nIf we don\u0027t, then we may lose access to it completely, leading to a\nrequest leak. This will eventually stall the ring exit process as\nwell.",
  "id": "GHSA-57m4-x9jr-6j53",
  "modified": "2024-09-12T15:32:59Z",
  "published": "2024-08-21T09:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52914"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ad6c063541665c407d17e1faf2fe4f04e947dcc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/febb985c06cb6f5fac63598c0bffd4fd823d110d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-57R8-MCJ9-Q86M

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2025-04-11 03:39
VLAI
Details

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-2942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-09-21T18:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.",
  "id": "GHSA-57r8-mcj9-q86m",
  "modified": "2025-04-11T03:39:12Z",
  "published": "2022-05-13T01:23:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2942"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2010:0723"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2010:0771"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2010:0779"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2010-2942"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624903"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=1c40be12f7d8ca1d387510d39787b12e512a7ce8"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://patchwork.ozlabs.org/patch/61857"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41512"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/css/P8/documents/100113326"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/18/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/19/4"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0771.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/42529"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1000-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2430"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-585P-9MG2-6VMM

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vc4: Fix a memory leak in hang state error path

When vc4_save_hang_state() encounters an early return condition, it returns without freeing the previously allocated kernel_state, leaking memory.

Add the missing kfree() calls by consolidating the early return paths into a single place.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43104"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T10:16:23Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Fix a memory leak in hang state error path\n\nWhen vc4_save_hang_state() encounters an early return condition, it\nreturns without freeing the previously allocated `kernel_state`,\nleaking memory.\n\nAdd the missing kfree() calls by consolidating the early return paths\ninto a single place.",
  "id": "GHSA-585p-9mg2-6vmm",
  "modified": "2026-06-01T18:31:30Z",
  "published": "2026-05-06T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43104"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/259e2bba3fd7005c62cbd42365a48b3221b244e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3eb7dd55021d0f4308fbea0bea21d2118984d8e7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9487daa18e627ac6b5ed5911be79f23362554b70"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9525d169e5fd481538cf8c663cc5839e54f2e481"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c197def3834cbee3fd824ce4c57d08cb24e18955"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d8fdd6adc07b78ad3e9ee0004876d90cb59ca941"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd5c49787a32da96a2b154427eb17cbf12a83c28"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e352e9adc9f6df54d63150ff832f71c04e30744b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5886-R5HR-C2V4

Vulnerability from github – Published: 2025-04-09 21:31 – Updated: 2025-04-09 21:31
VLAI
Details

A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series

allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

On all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic.

A jbuf memory leak can be noticed from the following logs:

(.) Warning: jbuf pool id <#> utilization level (%) is above %!

To recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs.

This issue affects Junos OS on SRX Series: 

  • all versions before 21.2R3-S9,
  • 21.4 versions before 21.4R3-S10,
  • 22.2 versions before 22.2R3-S6,
  • 22.4 versions before 22.4R3-S6,
  • 23.2 versions before 23.2R2-S3,
  • 23.4 versions before 23.4R2-S3,
  • 24.2 versions before 24.2R2.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-09T20:15:29Z",
    "severity": "HIGH"
  },
  "details": "A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series \n\nallows an unauthenticated, network-based attacker\u00a0to cause a Denial-of-Service (DoS).\n\nOn all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic.\n\nA jbuf memory leak can be noticed from the following logs:\n\n(\u003cnode\u003e.)\u003cfpc\u003e Warning: jbuf pool id \u003c#\u003e utilization level (\u003ccurrent level\u003e%) is above \u003cthreshold\u003e%!\n\nTo recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs.\n\n\n\n\nThis issue affects Junos OS on SRX Series:\u00a0\n\n  *  all versions before 21.2R3-S9,\n  *  21.4 versions before 21.4R3-S10,\n  *  22.2 versions before 22.2R3-S6,\n  *  22.4 versions before 22.4R3-S6,\n  *  23.2 versions before 23.2R2-S3,\n  *  23.4 versions before 23.4R2-S3,\n  *  24.2 versions before 24.2R2.",
  "id": "GHSA-5886-r5hr-c2v4",
  "modified": "2025-04-09T21:31:44Z",
  "published": "2025-04-09T21:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30658"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA96469"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.