CWE-772

Missing Release of Resource after Effective Lifetime

BaseDraftLikelihood: High

Description

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Hierarchy (View 1000)

Parents

CWE-404

Children

Related attack patterns (CAPEC)

CAPEC-469

CVEs mapped to this weakness (223)

page 4 of 12

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-42577	Hig	0.42	7.5	0.00	May 13, 2026	Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100% CPU busy-loop in the event loop thread. This vulnerability is fixed in 4.2.13.Final.
CVE-2025-27421	Hig	0.42	7.5	0.00	Mar 3, 2025	Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and terminate associated goroutines. This leads to resource exhaustion where the server continues running but eventually stops accepting new SSE connections while maintaining high memory usage. The vulnerability specifically involves improper channel cleanup in the event handling mechanism, causing goroutines to remain blocked indefinitely. This vulnerability is fixed in 1.4.0.
CVE-2017-17934	Med	0.42	6.5	0.01	Dec 27, 2017	ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.
CVE-2017-17887	Med	0.42	6.5	0.00	Dec 27, 2017	In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.
CVE-2017-17886	Med	0.42	6.5	0.00	Dec 27, 2017	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.
CVE-2017-17885	Med	0.42	6.5	0.00	Dec 27, 2017	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
CVE-2017-17884	Med	0.42	6.5	0.00	Dec 27, 2017	In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
CVE-2017-17883	Med	0.42	6.5	0.00	Dec 27, 2017	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.
CVE-2017-17882	Med	0.42	6.5	0.00	Dec 27, 2017	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
CVE-2017-17881	Med	0.42	6.5	0.00	Dec 27, 2017	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
CVE-2017-17680	Med	0.42	6.5	0.00	Dec 14, 2017	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
CVE-2017-8201	Med	0.42	6.5	0.00	Nov 22, 2017	MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition.
CVE-2017-12190	Med	0.42	6.5	0.00	Nov 22, 2017	The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.
CVE-2017-15593	Med	0.42	6.5	0.00	Oct 18, 2017	An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
CVE-2017-15218	Med	0.42	6.5	0.00	Oct 10, 2017	ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
CVE-2017-15217	Med	0.42	6.5	0.01	Oct 10, 2017	ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
CVE-2017-14684	Med	0.42	6.5	0.00	Sep 22, 2017	In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
CVE-2017-14533	Med	0.42	6.5	0.00	Sep 18, 2017	ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
CVE-2017-14343	Med	0.42	6.5	0.00	Sep 12, 2017	ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
CVE-2017-14326	Med	0.42	6.5	0.00	Sep 12, 2017	In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.