VYPR

CWE-404

Improper Resource Shutdown or Release

ClassDraftLikelihood: Medium

Description

The product does not release or incorrectly releases a resource before it is made available for re-use.

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-125 · CAPEC-130 · CAPEC-131 · CAPEC-494 · CAPEC-495 · CAPEC-496 · CAPEC-666

CVEs mapped to this weakness (306)

page 9 of 16
  • CVE-2025-15156MedDec 28, 2025
    risk 0.28cvss 4.3epss 0.00

    A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer…

  • CVE-2025-14747MedDec 16, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability was found in Ningyuanda TC155 57.0.2.0. The impacted element is an unknown function of the component RTSP Service. Performing manipulation results in denial of service. The attack must originate from the local network. The exploit has been made public and could…

  • CVE-2025-14105MedDec 5, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web Interface. Executing manipulation of the argument goformId with the input REBOOT_DEVICE can lead to denial of…

  • CVE-2025-12917MedNov 9, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was identified in TOZED ZLT T10 T10PLUS_3.04.15. The affected element is an unknown function of the file /reqproc/proc_post of the component Reboot Handler. Such manipulation leads to denial of service. Access to the local network is required for this attack to…

  • CVE-2025-61795MedOct 27, 2025
    risk 0.28cvss 5.3epss 0.01

    Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage…

  • CVE-2025-7462MedJul 12, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation…

  • CVE-2025-3535MedApr 13, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in shuanx BurpAPIFinder up to 2.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file BurpApiFinder.db. The manipulation leads to denial of service. The attack can be launched remotely. The…

  • CVE-2025-24160MedJan 27, 2025
    risk 0.28cvss 4.3epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

  • CVE-2026-10650MedJun 2, 2026
    risk 0.27cvss 5.3epss 0.00

    A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msg_len can lead to resource…

  • CVE-2026-8319MedMay 11, 2026
    risk 0.27cvss 5.3epss 0.00

    A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall_relevant_memories_to_working_memory of the file core/cat/looking_glass/stray_cat.py of the component cheshire_cat_core. This…

  • CVE-2026-7734MedMay 4, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may…

  • CVE-2026-6985MedApr 25, 2026
    risk 0.27cvss 5.3epss 0.01

    A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be…

  • CVE-2026-6607MedApr 20, 2026
    risk 0.27cvss 5.3epss 0.01

    A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api_generate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed…

  • CVE-2026-5661MedApr 6, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used.

  • CVE-2026-4531MedMar 22, 2026
    risk 0.27cvss 5.3epss 0.00

    A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called…

  • CVE-2024-47972MedOct 7, 2024
    risk 0.26cvss 4.0epss 0.00

    Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource.

  • CVE-2017-1000369MedJun 19, 2017
    risk 0.26cvss 4.0epss 0.01

    Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream…

  • CVE-2026-4988LowMar 27, 2026
    risk 0.24cvss 3.7epss 0.01

    A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly…

  • CVE-2025-4444LowSep 18, 2025
    risk 0.24cvss 3.7epss 0.00

    A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated…

  • CVE-2026-8232LowMay 10, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service. The vendor was contacted early about…