VYPR

CWE-401

Missing Release of Memory after Effective Lifetime

VariantDraftLikelihood: Medium

Description

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (327)

page 16 of 17
  • CVE-2023-5954Nov 9, 2023
    risk 0.00cvss epss 0.01

    HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

  • CVE-2023-5349Oct 30, 2023
    risk 0.00cvss epss 0.01

    A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.

  • CVE-2023-36435Oct 10, 2023
    risk 0.00cvss epss 0.05

    Microsoft QUIC Denial of Service Vulnerability

  • CVE-2023-34450Jul 3, 2023
    risk 0.00cvss epss 0.01

    CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct `PeerState` is serialized to JSON introduced a deadlock when new…

  • CVE-2023-34451Jul 3, 2023
    risk 0.00cvss epss 0.01

    CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be…

  • CVE-2022-23471Dec 7, 2022
    risk 0.00cvss epss 0.01

    containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails…

  • CVE-2021-3690Aug 23, 2022
    risk 0.00cvss epss 0.01

    A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

  • CVE-2022-23578Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was…

  • CVE-2022-23585Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling…

  • CVE-2021-39176Aug 31, 2021
    risk 0.00cvss epss 0.02

    detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1.

  • CVE-2020-25340Feb 16, 2021
    risk 0.00cvss epss 0.00

    An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS).

  • CVE-2020-27822Dec 8, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the…

  • CVE-2020-2322Dec 3, 2020
    risk 0.00cvss epss 0.01

    Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.

  • CVE-2020-25689Oct 30, 2020
    risk 0.00cvss epss 0.01

    A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out…

  • CVE-2020-15254Oct 16, 2020
    risk 0.00cvss epss 0.03

    Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that…

  • CVE-2020-25644Oct 6, 2020
    risk 0.00cvss epss 0.02

    A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

  • CVE-2020-25794Sep 19, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic.

  • CVE-2020-25795Sep 19, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic.

  • CVE-2020-9489Apr 27, 2020
    risk 0.00cvss epss 0.03

    A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika…

  • CVE-2009-5063Aug 31, 2011
    risk 0.00cvss epss 0.01

    Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. …