VYPR

CWE-401

Missing Release of Memory after Effective Lifetime

VariantDraftLikelihood: Medium

Description

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (327)

page 1 of 17
  • CVE-2018-0158HigKEVMar 28, 2018
    risk 0.68cvss 8.6epss 0.07

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The…

  • CVE-2026-0646HigJun 16, 2026
    risk 0.57cvss epss 0.00

    A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to…

  • CVE-2025-14027HigJan 20, 2026
    risk 0.57cvss epss 0.00

    Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to…

  • CVE-2025-20239HigAug 14, 2025
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger…

  • CVE-2025-20133HigAug 14, 2025
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly stop responding, resulting in a DoS…

  • CVE-2018-15377HigOct 5, 2018
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due…

  • CVE-2026-23172HigFeb 14, 2026
    risk 0.55cvss 8.4epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: fix potential skb->frags overflow in RX path When receiving data in the DPMAIF RX path, the t7xx_dpmaif_set_frag_to_skb() function adds page fragments to an skb without checking if the number…

  • CVE-2016-4232HigJul 13, 2016
    risk 0.55cvss 7.5epss 0.36

    Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory via unspecified vectors.

  • CVE-2016-6304HigSep 26, 2016
    risk 0.54cvss 7.5epss 0.63

    Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

  • CVE-2026-20105HigMar 4, 2026
    risk 0.50cvss 7.7epss 0.00

    A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory…

  • CVE-2026-20014HigMar 4, 2026
    risk 0.50cvss 7.7epss 0.00

    A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services…

  • CVE-2025-0241HigJan 7, 2025
    risk 0.50cvss 7.7epss 0.01

    When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.

  • CVE-2015-8567HigApr 13, 2017
    risk 0.50cvss 7.7epss 0.06

    Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2026-48059HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid…

  • CVE-2026-48006HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array…

  • CVE-2026-35424HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.01

    Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

  • CVE-2026-3104HigMar 25, 2026
    risk 0.49cvss 7.5epss 0.01

    A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and…

  • CVE-2026-23095HigFeb 4, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: gue: Fix skb memleak with inner IP protocol 0. syzbot reported skb memleak below. [0] The repro generated a GUE packet with its inner protocol 0. gue_udp_recv() returns -guehdr->proto_ctype for "resubmit" in…

  • CVE-2026-24828HigJan 27, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.

  • CVE-2021-32032HigMay 21, 2021
    risk 0.49cvss 7.5epss 0.02

    In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.