Common Weakness Enumeration

CWE-772

Allowed

Missing Release of Resource after Effective Lifetime

Abstraction: Base · Status: Draft

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

567 vulnerabilities reference this CWE, most recent first.

GHSA-6PCH-HQ5W-RG79

Vulnerability from github – Published: 2022-05-13 01:51 – Updated: 2022-05-13 01:51
VLAI
Details

An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20408"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-23T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls.",
  "id": "GHSA-6pch-hq5w-rg79",
  "modified": "2022-05-13T01:51:03Z",
  "published": "2022-05-13T01:51:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20408"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/343"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6PV2-QC8V-R267

Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-07-09 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: core: Fix detach procedure for virtual devices in genpd

If a device is attached to a PM domain through genpd_dev_pm_attach_by_id(), genpd calls pm_runtime_enable() for the corresponding virtual device that it registers. While this avoids boilerplate code in drivers, there is no corresponding call to pm_runtime_disable() in genpd_dev_pm_detach().

This means these virtual devices are typically detached from its genpd, while runtime PM remains enabled for them, which is not how things are designed to work. In worst cases it may lead to critical errors, like a NULL pointer dereference bug in genpd_runtime_suspend(), which was recently reported. For another case, we may end up keeping an unnecessary vote for a performance state for the device.

To fix these problems, let's add this missing call to pm_runtime_disable() in genpd_dev_pm_detach().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-08T17:16:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: core: Fix detach procedure for virtual devices in genpd\n\nIf a device is attached to a PM domain through genpd_dev_pm_attach_by_id(),\ngenpd calls pm_runtime_enable() for the corresponding virtual device that\nit registers. While this avoids boilerplate code in drivers, there is no\ncorresponding call to pm_runtime_disable() in genpd_dev_pm_detach().\n\nThis means these virtual devices are typically detached from its genpd,\nwhile runtime PM remains enabled for them, which is not how things are\ndesigned to work. In worst cases it may lead to critical errors, like a\nNULL pointer dereference bug in genpd_runtime_suspend(), which was recently\nreported. For another case, we may end up keeping an unnecessary vote for a\nperformance state for the device.\n\nTo fix these problems, let\u0027s add this missing call to pm_runtime_disable()\nin genpd_dev_pm_detach().",
  "id": "GHSA-6pv2-qc8v-r267",
  "modified": "2026-07-09T00:31:05Z",
  "published": "2026-06-08T18:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46292"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/26735dfdd8930d9ef1fa92e590a9bf77726efdf6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/361518a26e4434e879db6ff43bf364795dcbfbff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/51a7dd9cbae9210335ce398642ecaaa52c939eb5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/52e485ed0dcb5496864003ba9ffcef7d5b613f83"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/707cb5df3eab32ddc52979418f7ace62941e6381"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d44391a7f29e4601e8243f13498d0219bab2576"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/98b8104978474d381256a2b2fb0e7ca8e05a7bfa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e8f8dad44f024a5c99e54a48ad5c943fa8e54319"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6Q2V-X4CV-GHQX

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-6554"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-04T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.",
  "id": "GHSA-6q2v-x4cv-ghqx",
  "modified": "2022-05-13T01:31:59Z",
  "published": "2022-05-13T01:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6554"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3775-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3775-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3776-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3776-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3777-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3777-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3777-3"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4308"
    },
    {
      "type": "WEB",
      "url": "https://www.spinics.net/lists/stable/msg255030.html"
    },
    {
      "type": "WEB",
      "url": "https://www.spinics.net/lists/stable/msg255034.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105302"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6VQH-X4XP-MQX7

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI
Details

Huawei Secospace AntiDDoS8000 V500R001C20SPC500 have a memory leak vulnerability due to memory don't be released when the system open some function. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-17164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-15T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Huawei Secospace AntiDDoS8000 V500R001C20SPC500 have a memory leak vulnerability due to memory don\u0027t be released when the system open some function. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.",
  "id": "GHSA-6vqh-x4xp-mqx7",
  "modified": "2022-05-13T01:44:18Z",
  "published": "2022-05-13T01:44:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17164"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-antidos-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6XQP-CPJ7-9325

Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07
VLAI
Details

Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-10T00:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.",
  "id": "GHSA-6xqp-cpj7-9325",
  "modified": "2022-05-13T01:07:29Z",
  "published": "2022-05-13T01:07:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7466"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2392"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2408"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2016-7466"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377837"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201611-11"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b53dd4495ced2432a0b652ea895e651d07336f7e"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/09/19/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/09/20/3"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93029"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-736M-VF8J-9HJV

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47
VLAI
Details

The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8765"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-04T04:59:00Z",
    "severity": "HIGH"
  },
  "details": "The function named ReadICONImage in coders\\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.",
  "id": "GHSA-736m-vf8j-9hjv",
  "modified": "2022-05-13T01:47:42Z",
  "published": "2022-05-13T01:47:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8765"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/466"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3863"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98688"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-767R-M8M9-RF56

Vulnerability from github – Published: 2022-03-01 00:00 – Updated: 2022-03-17 00:04
VLAI
Details

A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-22844"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-28T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.",
  "id": "GHSA-767r-m8m9-rf56",
  "modified": "2022-03-17T00:04:44Z",
  "published": "2022-03-01T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22844"
    },
    {
      "type": "WEB",
      "url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
    },
    {
      "type": "WEB",
      "url": "https://mikrotik.com/support"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7774-RXJC-CWMM

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails

Syzkaller detected a memory leak of skbs in ath9k_hif_usb_rx_stream(). While processing skbs in ath9k_hif_usb_rx_stream(), the already allocated skbs in skb_pool are not freed if ath9k_hif_usb_rx_stream() fails. If we have an incorrect pkt_len or pkt_tag, the input skb is considered invalid and dropped. All the associated packets already in skb_pool should be dropped and freed. Added a comment describing this issue.

The patch also makes remain_skb NULL after being processed so that it cannot be referenced after potential free. The initialization of hif_dev fields which are associated with remain_skb (rx_remain_len, rx_transfer_len and rx_pad_len) is moved after a new remain_skb is allocated.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:46Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails\n\nSyzkaller detected a memory leak of skbs in ath9k_hif_usb_rx_stream().\nWhile processing skbs in ath9k_hif_usb_rx_stream(), the already allocated\nskbs in skb_pool are not freed if ath9k_hif_usb_rx_stream() fails. If we\nhave an incorrect pkt_len or pkt_tag, the input skb is considered invalid\nand dropped. All the associated packets already in skb_pool should be\ndropped and freed. Added a comment describing this issue.\n\nThe patch also makes remain_skb NULL after being processed so that it\ncannot be referenced after potential free. The initialization of hif_dev\nfields which are associated with remain_skb (rx_remain_len,\nrx_transfer_len and rx_pad_len) is moved after a new remain_skb is\nallocated.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
  "id": "GHSA-7774-rxjc-cwmm",
  "modified": "2025-12-03T21:30:59Z",
  "published": "2025-09-15T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53199"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0af54343a76263a12dbae7fafb64eb47c4a6ad38"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3fc6401fafde11712a83089fa2cc874cfd10e2cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/61490d2710277e8a55009b7682456ae22f8087cf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9acdec72787af1bc8ed92711b52118c8e3e638a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c766e37fccd5a5c5059be7efcd9618bf8a2c17c3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cd8316767099920a5d41feed1afab0c482a43e9f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f26dd69f61eff2eedf5df2d199bdd23108309947"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77CH-7XCF-V8HP

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46
VLAI
Details

An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-06T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).",
  "id": "GHSA-77ch-7xcf-v8hp",
  "modified": "2022-05-13T01:46:36Z",
  "published": "2022-05-13T01:46:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6499"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/856880"
    },
    {
      "type": "WEB",
      "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=23\u0026p=142634"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3808"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96590"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77HF-FFHJ-JGH3

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50
VLAI
Details

Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-12T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.",
  "id": "GHSA-77hf-ffhj-jgh3",
  "modified": "2022-05-13T01:50:50Z",
  "published": "2022-05-13T01:50:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19213"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392524"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Mitigation
Implementation

It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free resources in a function. If you allocate resources that you intend to free upon completion of the function, you must be sure to free the resources at all exit points for that function including error conditions.

Mitigation MIT-47
Operation Architecture and Design

Strategy: Resource Limitation

  • Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.
  • When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.
  • Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703).
CAPEC-469: HTTP DoS

An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.