CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-CVMR-QP3P-228W
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2023-12-31 21:30A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Denial of Service Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-16949"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-16T23:15:00Z",
"severity": "HIGH"
},
"details": "A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka \u0027Microsoft Outlook Denial of Service Vulnerability\u0027.",
"id": "GHSA-cvmr-qp3p-228w",
"modified": "2023-12-31T21:30:23Z",
"published": "2022-05-24T17:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16949"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CVQ3-56R9-HH2H
Vulnerability from github – Published: 2024-08-22 03:31 – Updated: 2024-09-12 15:32In the Linux kernel, the following vulnerability has been resolved:
auxdisplay: lcd2s: Fix memory leak in ->remove()
Once allocated the struct lcd2s_data is never freed. Fix the memory leak by switching to devm_kzalloc().
{
"affected": [],
"aliases": [
"CVE-2022-48907"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-22T02:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nauxdisplay: lcd2s: Fix memory leak in -\u003eremove()\n\nOnce allocated the struct lcd2s_data is never freed.\nFix the memory leak by switching to devm_kzalloc().",
"id": "GHSA-cvq3-56r9-hh2h",
"modified": "2024-09-12T15:32:59Z",
"published": "2024-08-22T03:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48907"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3585ed5f9b11a6094dd991d76a1541e5d03b986a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d53cd33f4253aa4cf02bf7e670b3c6a99674351"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/898c0a15425a5bcaa8d44bd436eae5afd2483796"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CVXV-RH32-GJ86
Vulnerability from github – Published: 2023-04-12 21:30 – Updated: 2024-04-04 03:25On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.
{
"affected": [],
"aliases": [
"CVE-2023-24511"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-12T21:15:00Z",
"severity": "HIGH"
},
"details": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.",
"id": "GHSA-cvxv-rh32-gj86",
"modified": "2024-04-04T03:25:35Z",
"published": "2023-04-12T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24511"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CWGG-8744-62HW
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2025-02-03 18:30In the Linux kernel, the following vulnerability has been resolved:
HID: usbhid: free raw_report buffers in usbhid_stop
Free the unsent raw_report buffers when the device is removed.
Fixes a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47
{
"affected": [],
"aliases": [
"CVE-2021-47405"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:26Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: free raw_report buffers in usbhid_stop\n\nFree the unsent raw_report buffers when the device is removed.\n\nFixes a memory leak reported by syzbot at:\nhttps://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47",
"id": "GHSA-cwgg-8744-62hw",
"modified": "2025-02-03T18:30:37Z",
"published": "2024-05-21T15:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47405"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b704864c92dcec2b295f276fcfbfb81d9831f81"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/764ac04de056801dfe52a716da63f6e7018e7f3b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ce4e49146612261265671b1d30d117139021030"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/965147067fa1bedff3ae1f07ce3f89f1a14d2df3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3156fea4d8a0e643625dff69a0421e872d1fdae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/efc5c8d29256955cc90d8d570849b2d6121ed09f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7744fa16b96da57187dc8e5634152d3b63d72de"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7ac4d24e1610b92689946fa88177673f1e88a3f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CWGV-434W-9FVV
Vulnerability from github – Published: 2022-05-04 00:00 – Updated: 2022-05-12 00:02JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.
{
"affected": [],
"aliases": [
"CVE-2021-41959"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-03T11:15:00Z",
"severity": "HIGH"
},
"details": "JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.",
"id": "GHSA-cwgv-434w-9fvv",
"modified": "2022-05-12T00:02:12Z",
"published": "2022-05-04T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41959"
},
{
"type": "WEB",
"url": "https://github.com/jerryscript-project/jerryscript/issues/4781"
},
{
"type": "WEB",
"url": "https://github.com/jerryscript-project/jerryscript/pull/4787"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CWJR-X8P7-6PV8
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-13 21:31In the Linux kernel, the following vulnerability has been resolved:
hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin
When calling of_parse_phandle_with_args(), the caller is responsible to call of_node_put() to release the reference of device node. In nct7363_present_pwm_fanin, it does not release the reference, causing a resource leak.
{
"affected": [],
"aliases": [
"CVE-2026-43165"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:34Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin\n\nWhen calling of_parse_phandle_with_args(), the caller is responsible\nto call of_node_put() to release the reference of device node.\nIn nct7363_present_pwm_fanin, it does not release the reference,\ncausing a resource leak.",
"id": "GHSA-cwjr-x8p7-6pv8",
"modified": "2026-05-13T21:31:58Z",
"published": "2026-05-06T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43165"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4923bbff0bcffe488b3aa76829c829bd15b02585"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c8cde3ddd12ad7d0e6b5a3e0ea3914a9a778adf4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb99b58763a95e20b214fc1dd86837ae00a400b7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CWWQ-5GFF-9X59
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-28 18:30In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Fix leakage in __construct_region()
Failing the first sysfs_update_group() needs to explicitly kfree the resource as it is too early for cxl_region_iomem_release() to do so.
{
"affected": [],
"aliases": [
"CVE-2026-31529"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:53Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix leakage in __construct_region()\n\nFailing the first sysfs_update_group() needs to explicitly\nkfree the resource as it is too early for cxl_region_iomem_release()\nto do so.",
"id": "GHSA-cwwq-5gff-9x59",
"modified": "2026-04-28T18:30:30Z",
"published": "2026-04-22T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31529"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/77b310bb7b5ff8c017524df83292e0242ba89791"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1b4741adf08b0063291ec1b0dfa9c3d55644933"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CX44-FGG3-FCP4
Vulnerability from github – Published: 2026-07-06 15:30 – Updated: 2026-07-06 21:30Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i_readjpeg_wiol.
i_readjpeg_wiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with *iptc_itext = mymalloc(...) and overwrites the previous pointer without freeing it. Only the final payload is later turned into a Perl scalar and freed, so a JPEG with N such markers leaks the first N-1 payloads on every read.
In a long-lived process, such as an upload or thumbnailing service, repeated reads accumulate these leaks and exhaust available memory, a denial of service.
The same handler ships bundled in the Imager distribution, where versions before 1.032 are affected and the fix ships in 1.032.
{
"affected": [],
"aliases": [
"CVE-2026-13708"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-06T13:16:32Z",
"severity": "HIGH"
},
"details": "Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i_readjpeg_wiol.\n\ni_readjpeg_wiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with *iptc_itext = mymalloc(...) and overwrites the previous pointer without freeing it. Only the final payload is later turned into a Perl scalar and freed, so a JPEG with N such markers leaks the first N-1 payloads on every read.\n\nIn a long-lived process, such as an upload or thumbnailing service, repeated reads accumulate these leaks and exhaust available memory, a denial of service.\n\nThe same handler ships bundled in the Imager distribution, where versions before 1.032 are affected and the fix ships in 1.032.",
"id": "GHSA-cx44-fgg3-fcp4",
"modified": "2026-07-06T21:30:37Z",
"published": "2026-07-06T15:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13708"
},
{
"type": "WEB",
"url": "https://github.com/tonycoz/imager/commit/9f1c485ca3ee15dc261549e11afb356866552c3a.patch"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/TONYC/Imager-File-JPEG-1.003/source/Changes"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/07/06/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CX4P-CV2H-HF45
Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-14 21:32In the Linux kernel, the following vulnerability has been resolved:
fbdev: smscufx: fix error handling code in ufx_usb_probe
The current error handling code in ufx_usb_probe have many unmatching issues, e.g., missing ufx_free_usb_list, destroy_modedb label should only include framebuffer_release, fb_dealloc_cmap only matches fb_alloc_cmap.
My local syzkaller reports a memory leak bug:
memory leak in ufx_usb_probe
BUG: memory leak unreferenced object 0xffff88802f879580 (size 128): comm "kworker/0:7", pid 17416, jiffies 4295067474 (age 46.710s) hex dump (first 32 bytes): 80 21 7c 2e 80 88 ff ff 18 d0 d0 0c 80 88 ff ff .!|............. 00 d0 d0 0c 80 88 ff ff e0 ff ff ff 0f 00 00 00 ................ backtrace: [] kmalloc_trace+0x20/0x90 mm/slab_common.c:1045 [] kmalloc include/linux/slab.h:553 [inline] [] kzalloc include/linux/slab.h:689 [inline] [] ufx_alloc_urb_list drivers/video/fbdev/smscufx.c:1873 [inline] [] ufx_usb_probe+0x11c/0x15a0 drivers/video/fbdev/smscufx.c:1655 [] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [] call_driver_probe drivers/base/dd.c:560 [inline] [] really_probe+0x12d/0x390 drivers/base/dd.c:639 [] __driver_probe_device+0xbf/0x140 drivers/base/dd.c:778 [] driver_probe_device+0x2a/0x120 drivers/base/dd.c:808 [] __device_attach_driver+0xf7/0x150 drivers/base/dd.c:936 [] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427 [] __device_attach+0x105/0x2d0 drivers/base/dd.c:1008 [] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487 [] device_add+0x642/0xdc0 drivers/base/core.c:3517 [] usb_set_configuration+0x8ef/0xb80 drivers/usb/core/message.c:2170 [] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [] call_driver_probe drivers/base/dd.c:560 [inline] [] really_probe+0x12d/0x390 drivers/base/dd.c:639 [] __driver_probe_device+0xbf/0x140 drivers/base/dd.c:778
Fix this bug by rewriting the error handling code in ufx_usb_probe.
{
"affected": [],
"aliases": [
"CVE-2022-49741"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T17:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: smscufx: fix error handling code in ufx_usb_probe\n\nThe current error handling code in ufx_usb_probe have many unmatching\nissues, e.g., missing ufx_free_usb_list, destroy_modedb label should\nonly include framebuffer_release, fb_dealloc_cmap only matches\nfb_alloc_cmap.\n\nMy local syzkaller reports a memory leak bug:\n\nmemory leak in ufx_usb_probe\n\nBUG: memory leak\nunreferenced object 0xffff88802f879580 (size 128):\n comm \"kworker/0:7\", pid 17416, jiffies 4295067474 (age 46.710s)\n hex dump (first 32 bytes):\n 80 21 7c 2e 80 88 ff ff 18 d0 d0 0c 80 88 ff ff .!|.............\n 00 d0 d0 0c 80 88 ff ff e0 ff ff ff 0f 00 00 00 ................\n backtrace:\n [\u003cffffffff814c99a0\u003e] kmalloc_trace+0x20/0x90 mm/slab_common.c:1045\n [\u003cffffffff824d219c\u003e] kmalloc include/linux/slab.h:553 [inline]\n [\u003cffffffff824d219c\u003e] kzalloc include/linux/slab.h:689 [inline]\n [\u003cffffffff824d219c\u003e] ufx_alloc_urb_list drivers/video/fbdev/smscufx.c:1873 [inline]\n [\u003cffffffff824d219c\u003e] ufx_usb_probe+0x11c/0x15a0 drivers/video/fbdev/smscufx.c:1655\n [\u003cffffffff82d17927\u003e] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396\n [\u003cffffffff82712f0d\u003e] call_driver_probe drivers/base/dd.c:560 [inline]\n [\u003cffffffff82712f0d\u003e] really_probe+0x12d/0x390 drivers/base/dd.c:639\n [\u003cffffffff8271322f\u003e] __driver_probe_device+0xbf/0x140 drivers/base/dd.c:778\n [\u003cffffffff827132da\u003e] driver_probe_device+0x2a/0x120 drivers/base/dd.c:808\n [\u003cffffffff82713c27\u003e] __device_attach_driver+0xf7/0x150 drivers/base/dd.c:936\n [\u003cffffffff82710137\u003e] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427\n [\u003cffffffff827136b5\u003e] __device_attach+0x105/0x2d0 drivers/base/dd.c:1008\n [\u003cffffffff82711d36\u003e] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487\n [\u003cffffffff8270e242\u003e] device_add+0x642/0xdc0 drivers/base/core.c:3517\n [\u003cffffffff82d14d5f\u003e] usb_set_configuration+0x8ef/0xb80 drivers/usb/core/message.c:2170\n [\u003cffffffff82d2576c\u003e] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238\n [\u003cffffffff82d16ffc\u003e] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293\n [\u003cffffffff82712f0d\u003e] call_driver_probe drivers/base/dd.c:560 [inline]\n [\u003cffffffff82712f0d\u003e] really_probe+0x12d/0x390 drivers/base/dd.c:639\n [\u003cffffffff8271322f\u003e] __driver_probe_device+0xbf/0x140 drivers/base/dd.c:778\n\nFix this bug by rewriting the error handling code in ufx_usb_probe.",
"id": "GHSA-cx4p-cv2h-hf45",
"modified": "2025-04-14T21:32:23Z",
"published": "2025-03-27T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49741"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b4c08844628dfc8d72d3f51b657f2a5e63b7b4b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3931014367ef31d26af65386a4ca496f50f0cfdf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b3d3127f5b4291ae4caaf50f7b66089ad600480"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/64fa364ad3245508d393e16ed4886f92d7eb423c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b76449ee75e21acfe9fa4c653d8598f191ed7d68"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CXFW-JRJ9-6WMG
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-09-28 00:00A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
{
"affected": [],
"aliases": [
"CVE-2020-8229"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-10T14:15:00Z",
"severity": "MODERATE"
},
"details": "A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.",
"id": "GHSA-cxfw-jrj9-6wmg",
"modified": "2022-09-28T00:00:22Z",
"published": "2022-05-24T17:25:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8229"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/588562"
},
{
"type": "WEB",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-034"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.