VYPR

CWE-772

Missing Release of Resource after Effective Lifetime

BaseDraftLikelihood: High

Description

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-469

CVEs mapped to this weakness (345)

page 4 of 18
  • CVE-2017-15349HigFeb 15, 2018
    risk 0.49cvss 7.5epss 0.01

    Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 6800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R005C00, V100R005C10, V100R006C00…

  • CVE-2017-12467HigFeb 7, 2018
    risk 0.49cvss 7.5epss 0.02

    Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member.

  • CVE-2017-12463HigFeb 7, 2018
    risk 0.49cvss 7.5epss 0.01

    Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) via vectors involving an envelope_s structure pointer when the packet format is unknown.

  • CVE-2017-13196HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2017-0855HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User…

  • CVE-2017-6135HigDec 21, 2017
    risk 0.49cvss 7.5epss 0.02

    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.

  • CVE-2017-2700HigNov 22, 2017
    risk 0.49cvss 7.5epss 0.01

    AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS Vulnerability. An attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS attacks.

  • CVE-2017-16892HigNov 19, 2017
    risk 0.49cvss 7.5epss 0.01

    In Bftpd before 4.7, there is a memory leak in the file rename function.

  • CVE-2017-15268HigOct 12, 2017
    risk 0.49cvss 7.5epss 0.04

    Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

  • CVE-2017-15189HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.

  • CVE-2017-15033HigOct 5, 2017
    risk 0.49cvss 7.5epss 0.02

    ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.

  • CVE-2017-0818HigOct 4, 2017
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671.

  • CVE-2017-0813HigOct 4, 2017
    risk 0.49cvss 7.5epss 0.01

    A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046.

  • CVE-2017-13748HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.05

    There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.

  • CVE-2017-12962HigAug 18, 2017
    risk 0.49cvss 7.5epss 0.01

    There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.

  • CVE-2015-7701HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.07

    Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2017-12428HigAug 4, 2017
    risk 0.49cvss 7.5epss 0.02

    In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.

  • CVE-2017-12418HigAug 4, 2017
    risk 0.49cvss 7.5epss 0.03

    ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.

  • CVE-2017-11655HigJul 26, 2017
    risk 0.49cvss 7.5epss 0.03

    A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions.

  • CVE-2017-10981HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.03

    An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.