CWE-772
Missing Release of Resource after Effective Lifetime
Base | Draft | Likelihood: High
Description
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-469
CVEs mapped to this weakness (223)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-12962 | Hig | 0.49 | 7.5 | 0.01 | Aug 18, 2017 | There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. |
| CVE-2017-12428 | Hig | 0.49 | 7.5 | 0.00 | Aug 4, 2017 | In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c. |
| CVE-2017-12418 | Hig | 0.49 | 7.5 | 0.00 | Aug 4, 2017 | ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. |
| CVE-2017-11655 | Hig | 0.49 | 7.5 | 0.02 | Jul 26, 2017 | A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions. |
| CVE-2017-10981 | Hig | 0.49 | 7.5 | 0.02 | Jul 17, 2017 | An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. |
| CVE-2017-10980 | Hig | 0.49 | 7.5 | 0.02 | Jul 17, 2017 | An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. |
| CVE-2017-10810 | Hig | 0.49 | 7.5 | 0.01 | Jul 4, 2017 | Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures. |
| CVE-2017-8309 | Hig | 0.49 | 7.5 | 0.01 | May 23, 2017 | Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. |
| CVE-2017-2315 | Hig | 0.49 | 7.5 | 0.00 | Apr 24, 2017 | On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability. |
| CVE-2017-7396 | Hig | 0.49 | 7.5 | 0.00 | Apr 1, 2017 | In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. |
| CVE-2017-7392 | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2017 | In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. |
| CVE-2017-6384 | Hig | 0.49 | 7.5 | 0.01 | Mar 2, 2017 | Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8. |
| CVE-2017-5997 | Hig | 0.49 | 7.5 | 0.01 | Feb 15, 2017 | The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972. |
| CVE-2016-0877 | Hig | 0.49 | 7.5 | 0.01 | May 31, 2016 | Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. |
| CVE-2008-2122 | Hig | 0.49 | 7.5 | 0.05 | May 9, 2008 | IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets. |
| CVE-2007-4103 | Hig | 0.49 | 7.5 | 0.03 | Jul 31, 2007 | The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released. |
| CVE-2007-0897 | Hig | 0.49 | 7.5 | 0.08 | Feb 16, 2007 | Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. |
| CVE-2017-8280 | Hig | 0.46 | 7.0 | 0.00 | Sep 21, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch. |
| CVE-2017-9936 | Med | 0.46 | 6.5 | 0.05 | Jun 26, 2017 | In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. |
| CVE-2017-3812 | Med | 0.44 | 6.8 | 0.01 | Feb 3, 2017 | A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2. |