CWE-401
Missing Release of Memory after Effective Lifetime
Description
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (327)
Page 16 of 17

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5954 | | | 0.00 | — | 0.01 | | Nov 9, 2023 | HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10. |
| CVE-2023-5349 | | | 0.00 | — | 0.01 | | Oct 30, 2023 | A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion. |
| CVE-2023-36435 | | | 0.00 | — | 0.05 | | Oct 10, 2023 | Microsoft QUIC Denial of Service Vulnerability |
| CVE-2023-34450 | | | 0.00 | — | 0.01 | | Jul 3, 2023 | CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct `PeerState` is serialized to JSON introduced a deadlock when new… |
| CVE-2023-34451 | | | 0.00 | — | 0.01 | | Jul 3, 2023 | CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be… |
| CVE-2022-23471 | | | 0.00 | — | 0.01 | | Dec 7, 2022 | containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails… |
| CVE-2021-3690 | — | | 0.00 | — | 0.01 | | Aug 23, 2022 | A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability. |
| CVE-2022-23578 | | | 0.00 | — | 0.01 | | Feb 4, 2022 | Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was… |
| CVE-2022-23585 | | | 0.00 | — | 0.01 | | Feb 4, 2022 | Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling… |
| CVE-2021-39176 | | | 0.00 | — | 0.02 | | Aug 31, 2021 | detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1. |
| CVE-2020-25340 | — | | 0.00 | — | 0.00 | | Feb 16, 2021 | An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS). |
| CVE-2020-27822 | | | 0.00 | — | 0.01 | | Dec 8, 2020 | A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the… |
| CVE-2020-2322 | | | 0.00 | — | 0.01 | | Dec 3, 2020 | Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. |
| CVE-2020-25689 | — | | 0.00 | — | 0.01 | | Oct 30, 2020 | A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out… |
| CVE-2020-15254 | | | 0.00 | — | 0.03 | | Oct 16, 2020 | Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that… |
| CVE-2020-25644 | — | | 0.00 | — | 0.02 | | Oct 6, 2020 | A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability. |
| CVE-2020-25794 | — | | 0.00 | — | 0.02 | | Sep 19, 2020 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic. |
| CVE-2020-25795 | — | | 0.00 | — | 0.02 | | Sep 19, 2020 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic. |
| CVE-2020-9489 | — | | 0.00 | — | 0.03 | | Apr 27, 2020 | A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika… |
| CVE-2009-5063 | | | 0.00 | — | 0.01 | | Aug 31, 2011 | Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. … |