Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-QHFV-HFVW-JQHQ

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2024-03-21 03:33
VLAI
Details

vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-8991"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-14T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs.",
  "id": "GHSA-qhfv-hfvw-jqhq",
  "modified": "2024-03-21T03:33:54Z",
  "published": "2022-05-24T17:09:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8991"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/?p=lvm2.git%3Ba=commit%3Bh=bcf9556b8fcd16ad8997f80cc92785f295c66701"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QHR6-6CGV-6638

Vulnerability from github – Published: 2025-12-10 21:30 – Updated: 2025-12-11 15:47
VLAI
Summary
Improper Memory Cleanup in the Okta Java SDK
Details

Description

In the Okta Java SDK, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load.

Affected product and versions

You may be affected by this vulnerability if you meet the following preconditions: - Using the Okta Java SDK between versions 21.0.0 and 24.0.0, and - Implementing a long-running application using the ApiClient in a multi-threaded manner.

Resolution

Upgrade Okta/okta-sdk-java to versions 24.0.1 or greater.

Acknowledgement

Okta would like to thank Andrew Pikler (pyckle) for their discovery and responsible disclosure.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 24.0.0"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.okta.sdk:okta-sdk-root"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "21.0.0"
            },
            {
              "fixed": "24.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66033"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-10T21:30:55Z",
    "nvd_published_at": "2025-12-10T22:16:27Z",
    "severity": "MODERATE"
  },
  "details": "### Description\nIn the Okta Java SDK, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load.\n\n### Affected product and versions\nYou may be affected by this vulnerability if you meet the following preconditions:\n- Using the Okta Java SDK between versions 21.0.0 and 24.0.0, and\n- Implementing a long-running application using the ApiClient in a multi-threaded manner.\n\n### Resolution\nUpgrade Okta/okta-sdk-java to versions 24.0.1 or greater. \n\n### Acknowledgement\nOkta would like to thank Andrew Pikler (pyckle) for their discovery and responsible disclosure.",
  "id": "GHSA-qhr6-6cgv-6638",
  "modified": "2025-12-11T15:47:30Z",
  "published": "2025-12-10T21:30:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/okta/okta-sdk-java/security/advisories/GHSA-qhr6-6cgv-6638"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66033"
    },
    {
      "type": "WEB",
      "url": "https://github.com/okta/okta-sdk-java/commit/1daa9229a70fc38fb252aeaa637f82d0b0729b3f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/okta/okta-sdk-java"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Memory Cleanup in the Okta Java SDK"
}

GHSA-QJF3-5P7Q-6R9M

Vulnerability from github – Published: 2026-03-04 21:32 – Updated: 2026-03-04 21:32
VLAI
Details

A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition.

This vulnerability is due to improperly validating input by the OSPF protocol when parsing packets. An attacker could exploit this vulnerability by by sending crafted OSPF packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-04T19:16:12Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition.\n\n This vulnerability is due to improperly validating input by the OSPF protocol when parsing packets. An attacker could exploit this vulnerability by by sending crafted OSPF packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.",
  "id": "GHSA-qjf3-5p7q-6r9m",
  "modified": "2026-03-04T21:32:45Z",
  "published": "2026-03-04T21:32:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20021"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospf-ZH8PhbSW"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJGM-WR4W-H2G9

Vulnerability from github – Published: 2024-02-27 15:30 – Updated: 2025-11-04 21:31
VLAI
Details

libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T15:15:07Z",
    "severity": "HIGH"
  },
  "details": "libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.",
  "id": "GHSA-qjgm-wr4w-h2g9",
  "modified": "2025-11-04T21:31:14Z",
  "published": "2024-02-27T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27507"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LuMingYinDetect/libLAS_defects/blob/main/libLAS_detect_1.md"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QRV2D4GYUZNZRJHVGFSYSOSZLCETI4E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2B6GZQ3WUVFNAAWFQJAQY7UM4OH5TA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOY7E2QWQRVXZTJGI7Z4KXGSU6BGEKH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2B6GZQ3WUVFNAAWFQJAQY7UM4OH5TA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOY7E2QWQRVXZTJGI7Z4KXGSU6BGEKH"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJH2-VWWM-CQJ6

Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-11 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

cassini: Fix a memory leak in the error handling path of cas_init_one()

cas_saturn_firmware_init() allocates some memory using vmalloc(). This memory is freed in the .remove() function but not it the error handling path of the probe.

Add the missing vfree() to avoid a memory leak, should an error occur.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53435"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T16:15:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncassini: Fix a memory leak in the error handling path of cas_init_one()\n\ncas_saturn_firmware_init() allocates some memory using vmalloc(). This\nmemory is freed in the .remove() function but not it the error handling\npath of the probe.\n\nAdd the missing vfree() to avoid a memory leak, should an error occur.",
  "id": "GHSA-qjh2-vwwm-cqj6",
  "modified": "2025-12-11T18:30:34Z",
  "published": "2025-09-18T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53435"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11c0ed097a874156957b515d0ba7e356142eab87"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/172146c26f0c1b86ab4e9ebffc7e06f04229fa17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/234e744d86bd95b381d24546df2dba72804e0219"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/412cd77a2c24b191c65ea53025222418db09817c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/60d8e8b88087d68e10c8991a0f6733fa2f963ff0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b8b1a667744741fa7807b09a12797a27f14f3fac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc61f7582cc92d547d02e141cd66f5d1f4ed8012"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e20105d967ab5b53ff50a0e5991fe37324d2ba20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM45-PH68-VWCC

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06
VLAI
Details

ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34183"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-25T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c.",
  "id": "GHSA-qm45-ph68-vwcc",
  "modified": "2022-05-24T19:06:19Z",
  "published": "2022-05-24T19:06:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34183"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/3767"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QM4J-Q6JH-QW3P

Vulnerability from github – Published: 2024-08-22 03:31 – Updated: 2024-09-12 15:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: Fix I/O page table memory leak

The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results in IOMMU page table memory leak, and can be observed when launching VM w/ pass-through devices.

Fix by freeing the memory used for page table before updating the mode.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-22T02:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Fix I/O page table memory leak\n\nThe current logic updates the I/O page table mode for the domain\nbefore calling the logic to free memory used for the page table.\nThis results in IOMMU page table memory leak, and can be observed\nwhen launching VM w/ pass-through devices.\n\nFix by freeing the memory used for page table before updating the mode.",
  "id": "GHSA-qm4j-q6jh-qw3p",
  "modified": "2024-09-12T15:32:59Z",
  "published": "2024-08-22T03:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48904"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/378e2fe1eb58d5c2ed55c8fe5e11f9db5033cdd6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b0b2d9a6a308bcd9300c2d83000a82812c56cea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c78627f757e37c2cf386b59c700c4e1574988597"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM56-9FRH-42H4

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-08T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
  "id": "GHSA-qm56-9frh-42h4",
  "modified": "2022-05-24T19:07:11Z",
  "published": "2022-05-24T19:07:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1596"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QM84-5C9V-92XM

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ipc: fix memleak if msg_init_ns failed in create_ipc_ns

Percpu memory allocation may failed during create_ipc_ns however this fail is not handled properly since ipc sysctls and mq sysctls is not released properly. Fix this by release these two resource when failure.

Here is the kmemleak stack when percpu failed:

unreferenced object 0xffff88819de2a600 (size 512): comm "shmem_2nstest", pid 120711, jiffies 4300542254 hex dump (first 32 bytes): 60 aa 9d 84 ff ff ff ff fc 18 48 b2 84 88 ff ff `.........H..... 04 00 00 00 a4 01 00 00 20 e4 56 81 ff ff ff ff ........ .V..... backtrace (crc be7cba35): [] __kmalloc_node_track_caller_noprof+0x333/0x420 [] kmemdup_noprof+0x26/0x50 [] setup_mq_sysctls+0x57/0x1d0 [] copy_ipcs+0x29c/0x3b0 [] create_new_namespaces+0x1d0/0x920 [] copy_namespaces+0x2e9/0x3e0 [] copy_process+0x29f3/0x7ff0 [] kernel_clone+0xc0/0x650 [] __do_sys_clone+0xa1/0xe0 [] do_syscall_64+0xbf/0x1c0 [] entry_SYSCALL_64_after_hwframe+0x4b/0x53

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53175"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T14:15:24Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix memleak if msg_init_ns failed in create_ipc_ns\n\nPercpu memory allocation may failed during create_ipc_ns however this\nfail is not handled properly since ipc sysctls and mq sysctls is not\nreleased properly. Fix this by release these two resource when failure.\n\nHere is the kmemleak stack when percpu failed:\n\nunreferenced object 0xffff88819de2a600 (size 512):\n  comm \"shmem_2nstest\", pid 120711, jiffies 4300542254\n  hex dump (first 32 bytes):\n    60 aa 9d 84 ff ff ff ff fc 18 48 b2 84 88 ff ff  `.........H.....\n    04 00 00 00 a4 01 00 00 20 e4 56 81 ff ff ff ff  ........ .V.....\n  backtrace (crc be7cba35):\n    [\u003cffffffff81b43f83\u003e] __kmalloc_node_track_caller_noprof+0x333/0x420\n    [\u003cffffffff81a52e56\u003e] kmemdup_noprof+0x26/0x50\n    [\u003cffffffff821b2f37\u003e] setup_mq_sysctls+0x57/0x1d0\n    [\u003cffffffff821b29cc\u003e] copy_ipcs+0x29c/0x3b0\n    [\u003cffffffff815d6a10\u003e] create_new_namespaces+0x1d0/0x920\n    [\u003cffffffff815d7449\u003e] copy_namespaces+0x2e9/0x3e0\n    [\u003cffffffff815458f3\u003e] copy_process+0x29f3/0x7ff0\n    [\u003cffffffff8154b080\u003e] kernel_clone+0xc0/0x650\n    [\u003cffffffff8154b6b1\u003e] __do_sys_clone+0xa1/0xe0\n    [\u003cffffffff843df8ff\u003e] do_syscall_64+0xbf/0x1c0\n    [\u003cffffffff846000b0\u003e] entry_SYSCALL_64_after_hwframe+0x4b/0x53",
  "id": "GHSA-qm84-5c9v-92xm",
  "modified": "2025-11-03T21:31:47Z",
  "published": "2024-12-27T15:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53175"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/10209665b5bf199f8065b2e7d2b2dc6cdf227117"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d230cfd4b9b0558c7b2039ba1def2ce6b6cd158"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8fed302872e26c7bf44d855c53a1cde747172d58"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/928de5fcd462498b8334107035da8ab85e316d8a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc8f5921cd69188627c08041276238de222ab466"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QMGF-9W4W-Q3MJ

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13
VLAI
Details

Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-29T22:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.",
  "id": "GHSA-qmgf-9w4w-q3mj",
  "modified": "2022-05-13T01:13:40Z",
  "published": "2022-05-13T01:13:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9915"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-49"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=971f406b77a6eb84e0ad27dcc416b663765aee30"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94729"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.