CWE-401
Missing Release of Memory after Effective Lifetime
VariantDraftLikelihood: Medium
Description
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (108)
page 6 of 6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-5063 | 0.00 | — | 0.00 | Aug 31, 2011 | Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244. | ||
| CVE-2009-0581 | 0.00 | — | 0.02 | Mar 23, 2009 | Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. | ||
| CVE-2008-3913 | 0.00 | — | 0.04 | Sep 11, 2008 | Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic". | ||
| CVE-2005-3181 | 0.00 | — | 0.00 | Oct 12, 2005 | The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption). | ||
| CVE-2005-3119 | 0.00 | — | 0.00 | Oct 12, 2005 | Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys. | ||
| CVE-2004-0427 | 0.00 | — | 0.00 | Jul 7, 2004 | The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call. | ||
| CVE-2004-0222 | 0.00 | — | 0.02 | May 4, 2004 | Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite. | ||
| CVE-2002-0574 | 0.00 | — | 0.01 | Jul 3, 2002 | Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed. |