VYPR

CWE-772

Missing Release of Resource after Effective Lifetime

BaseDraftLikelihood: High

Description

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-469

CVEs mapped to this weakness (345)

page 12 of 18
  • CVE-2017-8346MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8345MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8344MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8343MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-2312MedApr 24, 2017
    risk 0.42cvss 6.5epss 0.02

    On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this…

  • CVE-2017-7943MedApr 18, 2017
    risk 0.42cvss 6.5epss 0.03

    The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.

  • CVE-2017-7942MedApr 18, 2017
    risk 0.42cvss 6.5epss 0.02

    The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.

  • CVE-2017-7941MedApr 18, 2017
    risk 0.42cvss 6.5epss 0.03

    The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.

  • CVE-2015-8568MedApr 11, 2017
    risk 0.42cvss 6.5epss 0.00

    Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.

  • CVE-2017-6414MedMar 15, 2017
    risk 0.42cvss 6.5epss 0.00

    Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object.

  • CVE-2017-6386MedMar 15, 2017
    risk 0.42cvss 6.5epss 0.00

    Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands.

  • CVE-2017-6317MedMar 15, 2017
    risk 0.42cvss 6.5epss 0.00

    Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involving the sprog variable.

  • CVE-2017-5993MedMar 15, 2017
    risk 0.42cvss 6.5epss 0.00

    Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_CCMD_BLIT commands.

  • CVE-2017-2596MedFeb 6, 2017
    risk 0.42cvss 6.5epss 0.00

    The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.

  • CVE-2016-9912MedDec 23, 2016
    risk 0.42cvss 6.5epss 0.00

    Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in…

  • CVE-2016-9911MedDec 23, 2016
    risk 0.42cvss 6.5epss 0.00

    Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.

  • CVE-2016-9907MedDec 23, 2016
    risk 0.42cvss 6.5epss 0.00

    Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a…

  • CVE-2017-12278MedNov 2, 2017
    risk 0.41cvss 6.3epss 0.02

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a…

  • CVE-2024-22383MedMar 5, 2024
    risk 0.40cvss 6.2epss 0.00

    Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects:…

  • CVE-2017-15094MedJan 23, 2018
    risk 0.39cvss 5.9epss 0.03

    An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than…