VYPR

CWE-772

Missing Release of Resource after Effective Lifetime

Base | Draft | Likelihood: High

Description

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Related attack patterns (CAPEC)

CAPEC-469

CVEs mapped to this weakness (345)

  • CVE-2017-12245 | High | Oct 5, 2017
    risk 0.56 | cvss 8.6 | epss 0.02

    A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If…

  • CVE-2017-1000408 | High | Feb 1, 2018
    risk 0.54 | cvss 7.8 | epss 0.01

    A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

  • CVE-2026-35227 | High | May 12, 2026
    risk 0.53 | cvss (none listed) | epss 0.00

    An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.

  • CVE-2001-0830 | High | Dec 6, 2001
    risk 0.52 | cvss 7.5 | epss 0.06

    6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.

  • CVE-2017-15845 | High | Jan 10, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation.

  • CVE-2017-0719 | High | Aug 9, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673.

  • CVE-2025-65947 | High | Nov 21, 2025
    risk 0.50 | cvss (none listed) | epss 0.00

    thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the thread_amount function calls CreateToolhelp32Snapshot but fails…

  • CVE-1999-1127 | High | Dec 31, 1999
    risk 0.50 | cvss 7.5 | epss 0.18

    Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.

  • CVE-2026-39455 | High | May 13, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors.  Note: Software versions which have reached End of Technical…

  • CVE-2026-3104 | High | Mar 25, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and…

  • CVE-2025-24120 | High | Jan 27, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An attacker may be able to cause unexpected app termination.

  • CVE-2018-17332 | High | Sep 22, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.

  • CVE-2018-1999043 | High | Aug 23, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials.

  • CVE-2018-1000215 | High | Aug 20, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak…

  • CVE-2018-7994 | High | Jul 31, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory…

  • CVE-2018-5536 | High | Jul 25, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    A remote attacker via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module.

  • CVE-2018-14073 | High | Jul 15, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.

  • CVE-2018-14072 | High | Jul 15, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.

  • CVE-2018-13843 | High | Jul 10, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is…

  • CVE-2018-13420 | High | Jul 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program