CWE-772
Missing Release of Resource after Effective Lifetime
Description
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-469
CVEs mapped to this weakness (345)
page 4 of 18| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15349 | Hig | 0.49 | 7.5 | 0.01 | Feb 15, 2018 | Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 6800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R005C00, V100R005C10, V100R006C00… | ||
| CVE-2017-12467 | Hig | 0.49 | 7.5 | 0.02 | Feb 7, 2018 | Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member. | ||
| CVE-2017-12463 | Hig | 0.49 | 7.5 | 0.01 | Feb 7, 2018 | Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) via vectors involving an envelope_s structure pointer when the packet format is unknown. | ||
| CVE-2017-13196 | Hig | 0.49 | 7.5 | 0.02 | Jan 12, 2018 | In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2017-0855 | Hig | 0.49 | 7.5 | 0.02 | Jan 12, 2018 | In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User… | ||
| CVE-2017-6135 | Hig | 0.49 | 7.5 | 0.02 | Dec 21, 2017 | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions. | ||
| CVE-2017-2700 | Hig | 0.49 | 7.5 | 0.01 | Nov 22, 2017 | AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS Vulnerability. An attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS attacks. | ||
| CVE-2017-16892 | Hig | 0.49 | 7.5 | 0.01 | Nov 19, 2017 | In Bftpd before 4.7, there is a memory leak in the file rename function. | ||
| CVE-2017-15268 | Hig | 0.49 | 7.5 | 0.04 | Oct 12, 2017 | Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. | ||
| CVE-2017-15189 | Hig | 0.49 | 7.5 | 0.02 | Oct 10, 2017 | In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. | ||
| CVE-2017-15033 | Hig | 0.49 | 7.5 | 0.02 | Oct 5, 2017 | ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. | ||
| CVE-2017-0818 | Hig | 0.49 | 7.5 | 0.01 | Oct 4, 2017 | A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671. | ||
| CVE-2017-0813 | Hig | 0.49 | 7.5 | 0.01 | Oct 4, 2017 | A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046. | ||
| CVE-2017-13748 | Hig | 0.49 | 7.5 | 0.05 | Aug 29, 2017 | There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. | ||
| CVE-2017-12962 | Hig | 0.49 | 7.5 | 0.01 | Aug 18, 2017 | There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. | ||
| CVE-2015-7701 | Hig | 0.49 | 7.5 | 0.07 | Aug 7, 2017 | Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). | ||
| CVE-2017-12428 | Hig | 0.49 | 7.5 | 0.02 | Aug 4, 2017 | In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c. | ||
| CVE-2017-12418 | Hig | 0.49 | 7.5 | 0.03 | Aug 4, 2017 | ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. | ||
| CVE-2017-11655 | Hig | 0.49 | 7.5 | 0.03 | Jul 26, 2017 | A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions. | ||
| CVE-2017-10981 | Hig | 0.49 | 7.5 | 0.03 | Jul 17, 2017 | An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. |
- risk 0.49cvss 7.5epss 0.01
Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 6800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R005C00, V100R005C10, V100R006C00…
- risk 0.49cvss 7.5epss 0.02
Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member.
- risk 0.49cvss 7.5epss 0.01
Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) via vectors involving an envelope_s structure pointer when the packet format is unknown.
- risk 0.49cvss 7.5epss 0.02
In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for…
- risk 0.49cvss 7.5epss 0.02
In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User…
- risk 0.49cvss 7.5epss 0.02
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.
- risk 0.49cvss 7.5epss 0.01
AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS Vulnerability. An attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS attacks.
- risk 0.49cvss 7.5epss 0.01
In Bftpd before 4.7, there is a memory leak in the file rename function.
- risk 0.49cvss 7.5epss 0.04
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
- risk 0.49cvss 7.5epss 0.02
In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.
- risk 0.49cvss 7.5epss 0.02
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671.
- risk 0.49cvss 7.5epss 0.01
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046.
- risk 0.49cvss 7.5epss 0.05
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.
- risk 0.49cvss 7.5epss 0.01
There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.
- risk 0.49cvss 7.5epss 0.07
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
- risk 0.49cvss 7.5epss 0.02
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
- risk 0.49cvss 7.5epss 0.03
ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.
- risk 0.49cvss 7.5epss 0.03
A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions.
- risk 0.49cvss 7.5epss 0.03
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.