CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-F453-2M6V-7628
Vulnerability from github – Published: 2025-03-14 00:30 – Updated: 2025-03-14 00:30In the Linux kernel, the following vulnerability has been resolved:
ceph: fix memory leak in ceph_readdir when note_last_dentry returns error
Reset the last_readdir at the same time, and add a comment explaining why we don't free last_readdir when dir_emit returns false.
{
"affected": [],
"aliases": [
"CVE-2022-49107"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix memory leak in ceph_readdir when note_last_dentry returns error\n\nReset the last_readdir at the same time, and add a comment explaining\nwhy we don\u0027t free last_readdir when dir_emit returns false.",
"id": "GHSA-f453-2m6v-7628",
"modified": "2025-03-14T00:30:49Z",
"published": "2025-03-14T00:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49107"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fe82d3254029ef9ec4e7be890125d5ef4f537de"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7f740ede35132d3d5d19747cad56a511d21bb156"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e792575b902a3939ca482491ee9fb3a236f99640"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f4429786129648a8f4bb1e5faa143c4478cc5c4a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f639d9867eea647005dc824e0e24f39ffc50d4e4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F46F-FJF4-H4M2
Vulnerability from github – Published: 2025-07-23 21:36 – Updated: 2025-07-25 06:30Redis through 7.4.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions.
{
"affected": [],
"aliases": [
"CVE-2025-46686"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-789"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-23T19:15:33Z",
"severity": "MODERATE"
},
"details": "Redis through 7.4.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions.",
"id": "GHSA-f46f-fjf4-h4m2",
"modified": "2025-07-25T06:30:30Z",
"published": "2025-07-23T21:36:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46686"
},
{
"type": "WEB",
"url": "https://github.com/io-no/CVE-Reports/issues/1"
},
{
"type": "WEB",
"url": "https://github.com/redis/redis"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F4QF-GVQG-CHFR
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2021-33361"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-13T20:15:00Z",
"severity": "MODERATE"
},
"details": "Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.",
"id": "GHSA-f4qf-gvqg-chfr",
"modified": "2022-05-24T19:14:16Z",
"published": "2022-05-24T19:14:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33361"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1782"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/a51f951b878c2b73c1d8e2f1518c7cdc5fb82c3f"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F5V3-QM6R-5P3W
Vulnerability from github – Published: 2022-11-01 19:00 – Updated: 2025-05-05 18:32Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.
{
"affected": [],
"aliases": [
"CVE-2022-42326"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-01T13:15:00Z",
"severity": "MODERATE"
},
"details": "Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.",
"id": "GHSA-f5v3-qm6r-5p3w",
"modified": "2025-05-05T18:32:26Z",
"published": "2022-11-01T19:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42326"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202402-07"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5272"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-421.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/11"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-421.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F5X9-85F3-F3R4
Vulnerability from github – Published: 2024-03-02 00:31 – Updated: 2024-11-07 00:30In the Linux kernel, the following vulnerability has been resolved:
nvmet: fix memory leak in nvmet_alloc_ctrl()
When creating ctrl in nvmet_alloc_ctrl(), if the cntlid_min is larger than cntlid_max of the subsystem, and jumps to the "out_free_changed_ns_list" label, but the ctrl->sqs lack of be freed. Fix this by jumping to the "out_free_sqs" label.
{
"affected": [],
"aliases": [
"CVE-2021-47075"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-01T22:15:47Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix memory leak in nvmet_alloc_ctrl()\n\nWhen creating ctrl in nvmet_alloc_ctrl(), if the cntlid_min is larger\nthan cntlid_max of the subsystem, and jumps to the\n\"out_free_changed_ns_list\" label, but the ctrl-\u003esqs lack of be freed.\nFix this by jumping to the \"out_free_sqs\" label.",
"id": "GHSA-f5x9-85f3-f3r4",
"modified": "2024-11-07T00:30:35Z",
"published": "2024-03-02T00:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47075"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4720f29acb3fe67aa8aa71e6b675b079d193aaeb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/afb680ed7ecbb7fd66ddb43650e9b533fd8b4b9a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fec356a61aa3d3a66416b4321f1279e09e0f256f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-F5XQ-H855-6HMF
Vulnerability from github – Published: 2022-01-20 00:02 – Updated: 2023-07-24 15:30An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.
{
"affected": [],
"aliases": [
"CVE-2022-22155"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-19T01:15:00Z",
"severity": "MODERATE"
},
"details": "An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.",
"id": "GHSA-f5xq-h855-6hmf",
"modified": "2023-07-24T15:30:18Z",
"published": "2022-01-20T00:02:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22155"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11263"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F679-5WX9-QFMM
Vulnerability from github – Published: 2024-12-02 15:31 – Updated: 2024-12-11 21:31In the Linux kernel, the following vulnerability has been resolved:
vsock: Fix sk_error_queue memory leak
Kernel queues MSG_ZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recv()ed. To prevent memory leaks, clean up the queue when the socket is destroyed.
unreferenced object 0xffff8881028beb00 (size 224): comm "vsock_test", pid 1218, jiffies 4294694897 hex dump (first 32 bytes): 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!.......!..... 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ..........!..... backtrace (crc 6c7031ca): [] kmem_cache_alloc_node_noprof+0x2f7/0x370 [] __alloc_skb+0x132/0x180 [] sock_omalloc+0x4b/0x80 [] msg_zerocopy_realloc+0x9e/0x240 [] virtio_transport_send_pkt_info+0x412/0x4c0 [] virtio_transport_stream_enqueue+0x43/0x50 [] vsock_connectible_sendmsg+0x373/0x450 [] _syssendmsg+0x365/0x3a0 [] _sys_sendmsg+0x84/0xd0 [] __sys_sendmsg+0x47/0x80 [] do_syscall_64+0x93/0x180 [] entry_SYSCALL_64_after_hwframe+0x76/0x7e
{
"affected": [],
"aliases": [
"CVE-2024-53118"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-02T14:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix sk_error_queue memory leak\n\nKernel queues MSG_ZEROCOPY completion notifications on the error queue.\nWhere they remain, until explicitly recv()ed. To prevent memory leaks,\nclean up the queue when the socket is destroyed.\n\nunreferenced object 0xffff8881028beb00 (size 224):\n comm \"vsock_test\", pid 1218, jiffies 4294694897\n hex dump (first 32 bytes):\n 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!.......!.....\n 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ..........!.....\n backtrace (crc 6c7031ca):\n [\u003cffffffff81418ef7\u003e] kmem_cache_alloc_node_noprof+0x2f7/0x370\n [\u003cffffffff81d35882\u003e] __alloc_skb+0x132/0x180\n [\u003cffffffff81d2d32b\u003e] sock_omalloc+0x4b/0x80\n [\u003cffffffff81d3a8ae\u003e] msg_zerocopy_realloc+0x9e/0x240\n [\u003cffffffff81fe5cb2\u003e] virtio_transport_send_pkt_info+0x412/0x4c0\n [\u003cffffffff81fe6183\u003e] virtio_transport_stream_enqueue+0x43/0x50\n [\u003cffffffff81fe0813\u003e] vsock_connectible_sendmsg+0x373/0x450\n [\u003cffffffff81d233d5\u003e] ____sys_sendmsg+0x365/0x3a0\n [\u003cffffffff81d246f4\u003e] ___sys_sendmsg+0x84/0xd0\n [\u003cffffffff81d26f47\u003e] __sys_sendmsg+0x47/0x80\n [\u003cffffffff820d3df3\u003e] do_syscall_64+0x93/0x180\n [\u003cffffffff8220012b\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"id": "GHSA-f679-5wx9-qfmm",
"modified": "2024-12-11T21:31:57Z",
"published": "2024-12-02T15:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53118"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bea4779a45f49275b1e1b1bd9de03cd3727244d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F67Q-P3W8-RP9R
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
{
"affected": [],
"aliases": [
"CVE-2020-3505"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-26T17:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
"id": "GHSA-f67q-p3w8-rp9r",
"modified": "2022-05-24T17:26:44Z",
"published": "2022-05-24T17:26:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3505"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-memleak-k5Z7m55t"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F67W-C9W2-5V69
Vulnerability from github – Published: 2022-03-12 00:00 – Updated: 2022-03-19 00:01A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-0853"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-11T18:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.",
"id": "GHSA-f67w-c9w2-5v69",
"modified": "2022-03-19T00:01:14Z",
"published": "2022-03-12T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725"
},
{
"type": "WEB",
"url": "https://github.com/ByteHackr/CVE-2022-0853"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F684-QH6C-RP3V
Vulnerability from github – Published: 2022-04-30 18:15 – Updated: 2022-04-30 18:15Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
{
"affected": [],
"aliases": [
"CVE-2001-0136"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2001-03-12T05:00:00Z",
"severity": "MODERATE"
},
"details": "Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.",
"id": "GHSA-f684-qh6c-rp3v",
"modified": "2022-04-30T18:15:30Z",
"published": "2022-04-30T18:15:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-0136"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5801"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html"
},
{
"type": "WEB",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000380"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2001/dsa-029"
},
{
"type": "WEB",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/152206"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.