VYPR

CWE-404

Improper Resource Shutdown or Release

ClassDraftLikelihood: Medium

Description

The product does not release or incorrectly releases a resource before it is made available for re-use.

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-125 · CAPEC-130 · CAPEC-131 · CAPEC-494 · CAPEC-495 · CAPEC-496 · CAPEC-666

CVEs mapped to this weakness (306)

page 5 of 16
  • CVE-2024-4013MedJun 6, 2024
    risk 0.36cvss 5.6epss 0.00

    A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity…

  • CVE-2024-2760MedApr 23, 2024
    risk 0.36cvss 5.5epss 0.00

    Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver.

  • CVE-2018-11055MedAug 31, 2018
    risk 0.36cvss 5.5epss 0.00

    RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the…

  • CVE-2017-0733MedAug 9, 2017
    risk 0.36cvss 5.5epss 0.00

    A denial of service vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38391487.

  • CVE-2017-9059MedMay 18, 2017
    risk 0.36cvss 5.5epss 0.00

    The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak.

  • CVE-2017-8925MedMay 12, 2017
    risk 0.36cvss 5.5epss 0.00

    The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.

  • CVE-2017-8071MedApr 23, 2017
    risk 0.36cvss 5.5epss 0.00

    drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors.

  • CVE-2026-47213MedJun 10, 2026
    risk 0.35cvss 6.5epss 0.00

    Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine.…

  • CVE-2026-29771MedMar 7, 2026
    risk 0.35cvss 6.5epss 0.00

    Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately…

  • CVE-2026-2957MedFeb 22, 2026
    risk 0.35cvss 5.4epss 0.00

    A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be…

  • CVE-2025-13564MedNov 23, 2025
    risk 0.35cvss 5.4epss 0.00

    A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible…

  • CVE-2024-2995MedMar 27, 2024
    risk 0.35cvss 5.4epss 0.01

    A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit…

  • CVE-2018-8836MedApr 3, 2018
    risk 0.35cvss 5.3epss 0.04

    Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be…

  • CVE-2026-10224MedJun 1, 2026
    risk 0.34cvss 5.3epss 0.00

    A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption.…

  • CVE-2026-9540MedMay 26, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available…

  • CVE-2026-8318MedMay 11, 2026
    risk 0.34cvss 5.3epss 0.00

    A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc_transformer of the file pageindex/page_index.py of the component PDF Table of Contents Handler. The manipulation results…

  • CVE-2026-8226MedMay 10, 2026
    risk 0.34cvss 5.3epss 0.00

    A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from_media in the library /lib/proto/types.c. The manipulation results in denial of service. The attack can be launched remotely. The exploit has been…

  • CVE-2026-8225MedMay 10, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is…

  • CVE-2026-8224MedMay 10, 2026
    risk 0.34cvss 5.3epss 0.01

    A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of…

  • CVE-2026-8223MedMay 10, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The…