VYPR

CWE-404

Improper Resource Shutdown or Release

Class · Draft · Likelihood: Medium

Description

The product does not release or incorrectly releases a resource before it is made available for re-use.

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-125 · CAPEC-130 · CAPEC-131 · CAPEC-494 · CAPEC-495 · CAPEC-496 · CAPEC-666

CVEs mapped to this weakness (306)

page 15 of 16
  • CVE-2025-14953 · Low · Dec 19, 2025
    risk 0.13 · cvss 3.1 · epss 0.00

    A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The…

  • CVE-2026-3206 · Low · Feb 25, 2026
    risk 0.08 · cvss · epss 0.00

    Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE (CircuitBreaker modules), KrakenD, SLU KrakenD-EE (CircuitBreaker modules). This issue affects KrakenD-CE: before 2.13.1; KrakenD-EE: before 2.12.5.

  • CVE-2026-54280 · Low · Jun 15, 2026
    risk 0.00 · cvss · epss 0.00

    Summary: Payload resources are not closed correctly when a client disconnects in the middle of a write. Impact: If a payload is using an open file or similar limited resource, then an attacker may be able to cause resource starvation temporarily until garbage collection…

  • CVE-2025-67635 · Dec 10, 2025
    risk 0.00 · cvss · epss 0.01

    Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.

  • CVE-2025-9784 · Sep 2, 2025
    risk 0.00 · cvss · epss 0.02

    A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing…

  • CVE-2025-53019 · Jul 14, 2025
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory…

  • CVE-2024-13009 · May 8, 2025
    risk 0.00 · cvss · epss 0.00

    In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.

  • CVE-2025-3730 · Apr 16, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit…

  • CVE-2025-2953 · Mar 30, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the…

  • CVE-2024-28869 · Apr 12, 2024
    risk 0.00 · cvss · epss 0.01

    Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to…

  • CVE-2024-28252 · Mar 15, 2024
    risk 0.00 · cvss · epss 0.01

    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two…

  • CVE-2023-6180 · Dec 5, 2023
    risk 0.00 · cvss · epss 0.01

    The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each…

  • CVE-2023-20897 · Sep 5, 2023
    risk 0.00 · cvss · epss 0.01

    Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

  • CVE-2015-10085 · Feb 21, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continuous delivery with rolling releases is used by this product. Therefore, no version…

  • CVE-2020-36620 · Dec 21, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption.…

  • CVE-2021-4250 · Dec 18, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.2. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of…

  • CVE-2022-4565 · Dec 16, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been…

  • CVE-2022-39368 · Nov 9, 2022
    risk 0.00 · cvss · epss 0.01

    Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the…

  • CVE-2022-2191 · Jul 7, 2022
    risk 0.00 · cvss · epss 0.02

    In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

  • CVE-2022-25762 · May 13, 2022
    risk 0.00 · cvss · epss 0.08

    If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The…