CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-77XC-CWFF-62WP
Vulnerability from github – Published: 2026-05-26 21:31 – Updated: 2026-05-26 21:31A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The name of the patch is e79c5cbe8b3fed27f4854ec229457d30c96206f1. It is best practice to apply a patch to resolve this issue.
{
"affected": [],
"aliases": [
"CVE-2026-9572"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-26T19:16:34Z",
"severity": "LOW"
},
"details": "A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The name of the patch is e79c5cbe8b3fed27f4854ec229457d30c96206f1. It is best practice to apply a patch to resolve this issue.",
"id": "GHSA-77xc-cwff-62wp",
"modified": "2026-05-26T21:31:59Z",
"published": "2026-05-26T21:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9572"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/3557"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/e79c5cbe8b3fed27f4854ec229457d30c96206f1"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/27270415/poc.zip"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/817137"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/365631"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/365631/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-77XV-JXJW-V7MW
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer at the moment.
{
"affected": [],
"aliases": [
"CVE-2025-15572"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T16:16:08Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer at the moment.",
"id": "GHSA-77xv-jxjw-v7mw",
"modified": "2026-02-10T18:30:37Z",
"published": "2026-02-10T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15572"
},
{
"type": "WEB",
"url": "https://github.com/wasm3/wasm3/issues/550"
},
{
"type": "WEB",
"url": "https://github.com/oneafter/cve-proofs/blob/main/POC-20251203-07/repro"
},
{
"type": "WEB",
"url": "https://github.com/wasm3/wasm3"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.344934"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.344934"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.752765"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-782X-JH29-9MF7
Vulnerability from github – Published: 2026-02-24 15:45 – Updated: 2026-02-24 15:45Sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks.
==841485==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 13512 byte(s) in 1 object(s) allocated from:
#0 0x7ff330759887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25988"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-24T15:45:13Z",
"nvd_published_at": "2026-02-24T02:16:03Z",
"severity": "MODERATE"
},
"details": "Sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks.\n\n```\n==841485==ERROR: LeakSanitizer: detected memory leaks\n\nDirect leak of 13512 byte(s) in 1 object(s) allocated from:\n #0 0x7ff330759887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145\n```",
"id": "GHSA-782x-jh29-9mf7",
"modified": "2026-02-24T15:45:13Z",
"published": "2026-02-24T15:45:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25988"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/4354fc1d554ec2e6314aed13536efa7bde9593d2"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick: MSL image stack index may fail to refresh, leading to leaked images"
}
GHSA-7884-JHM8-9H7H
Vulnerability from github – Published: 2023-12-07 18:30 – Updated: 2023-12-12 21:31gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
{
"affected": [],
"aliases": [
"CVE-2023-48958"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-07T18:15:08Z",
"severity": "MODERATE"
},
"details": "gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.",
"id": "GHSA-7884-jhm8-9h7h",
"modified": "2023-12-12T21:31:10Z",
"published": "2023-12-07T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48958"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/2689"
},
{
"type": "WEB",
"url": "https://gist.github.com/dr0v/1204f7a5f1e1497e7bca066638acfbf5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7896-9859-H9RC
Vulnerability from github – Published: 2024-02-28 09:30 – Updated: 2024-12-06 15:31In the Linux kernel, the following vulnerability has been resolved:
ACPI: scan: Fix a memory leak in an error handling path
If 'acpi_device_set_name()' fails, we must free 'acpi_device_bus_id->bus_id' or there is a (potential) memory leak.
{
"affected": [],
"aliases": [
"CVE-2021-46985"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-28T09:15:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: scan: Fix a memory leak in an error handling path\n\nIf \u0027acpi_device_set_name()\u0027 fails, we must free\n\u0027acpi_device_bus_id-\u003ebus_id\u0027 or there is a (potential) memory leak.",
"id": "GHSA-7896-9859-h9rc",
"modified": "2024-12-06T15:31:18Z",
"published": "2024-02-28T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46985"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c8bd174f0fc131bc9dfab35cd8784f59045da87"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ab9857dde7c3ea3faef6b128d718cf8ba98721b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6901a4f795e0e8d65ae779cb37fc22e0bf294712"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69cc821e89ce572884548ac54c4f80eec7a837a5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7e17a8d421ae23c920240625b4413c7b94d94a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c5c8f6ffc942cf42f990f22e35bcf4cbe9d8c2fb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dafd4c0b5e835db020cff11c74b4af9493a58e72"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e2381174daeae0ca35eddffef02dcc8de8c1ef8a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-78F8-W6WX-97FH
Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2022-03-17 00:05A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.
{
"affected": [],
"aliases": [
"CVE-2021-37205"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-09T16:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003e= V4.5.0 \u003c V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.9.2 \u003c V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions \u003e= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.",
"id": "GHSA-78f8-w6wx-97fh",
"modified": "2022-03-17T00:05:47Z",
"published": "2022-02-10T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37205"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-78HH-RX69-P8V5
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 15:30In the Linux kernel, the following vulnerability has been resolved:
trace/blktrace: fix memory leak with using debugfs_lookup()
When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.
{
"affected": [],
"aliases": [
"CVE-2023-53408"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntrace/blktrace: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
"id": "GHSA-78hh-rx69-p8v5",
"modified": "2025-12-11T15:30:30Z",
"published": "2025-09-18T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53408"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3036f5f5ae5210797d95446795df01c1249af9ad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5286b72fb425291af5f4ca7285d73c16a08d8691"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/83e8864fee26f63a7435e941b7c36a20fd6fe93e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a2e4b48d6f9b39aa19bafe223f9dd436a692fc80"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-78HX-GP6G-7MJ6
Vulnerability from github – Published: 2024-03-20 18:10 – Updated: 2024-10-22 14:21Using crafted public RSA keys which are not compliant with SP 800-56B can cause a small memory leak when encrypting and verifying payloads.
An attacker can leverage this flaw to gradually erode available memory to the point where the host crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/golang-fips/go"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.22.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/golang-fips/openssl/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/microsoft/go-crypto-openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.2.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.2.8"
},
"package": {
"ecosystem": "Go",
"name": "github.com/microsoft/go-crypto-openssl/openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-1394"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-20T18:10:36Z",
"nvd_published_at": "2024-03-21T13:00:08Z",
"severity": "HIGH"
},
"details": "Using crafted public RSA keys which are not compliant with SP 800-56B can cause a small memory leak when encrypting and verifying payloads.\n\nAn attacker can leverage this flaw to gradually erode available memory to the point where the host crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.",
"id": "GHSA-78hx-gp6g-7mj6",
"modified": "2024-10-22T14:21:14Z",
"published": "2024-03-20T18:10:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1394"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f"
},
{
"type": "WEB",
"url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1462"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4378"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4379"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4502"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4581"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4591"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4672"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4699"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4761"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4762"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:5258"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:5634"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:7262"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-1394"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921"
},
{
"type": "PACKAGE",
"url": "https://github.com/golang-fips/openssl"
},
{
"type": "WEB",
"url": "https://github.com/golang-fips/openssl/releases/tag/v2.0.1"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/go-crypto-openssl/releases/tag/v0.2.9"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-2660"
},
{
"type": "WEB",
"url": "https://vuln.go.dev/ID/GO-2024-2660.json"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1468"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1472"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1501"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1502"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1561"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1563"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1566"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1567"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1574"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1640"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1644"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1646"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1763"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1897"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2562"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2568"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2569"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2729"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2730"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2767"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3265"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4146"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4371"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Memory leaks in code encrypting and verifying RSA payloads"
}
GHSA-78Q6-RMJ2-P97W
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-28 18:30In the Linux kernel, the following vulnerability has been resolved:
HID: asus: avoid memory leak in asus_report_fixup()
The asus_report_fixup() function was returning a newly allocated kmemdup()-allocated buffer, but never freeing it. Switch to devm_kzalloc() to ensure the memory is managed and freed automatically when the device is removed.
The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a pointer whose lifetime is at least that of the input buffer.
Also fix a harmless out-of-bounds read by copying only the original descriptor size.
{
"affected": [],
"aliases": [
"CVE-2026-31524"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:52Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: asus: avoid memory leak in asus_report_fixup()\n\nThe asus_report_fixup() function was returning a newly allocated\nkmemdup()-allocated buffer, but never freeing it. Switch to\ndevm_kzalloc() to ensure the memory is managed and freed automatically\nwhen the device is removed.\n\nThe caller of report_fixup() does not take ownership of the returned\npointer, but it is permitted to return a pointer whose lifetime is at\nleast that of the input buffer.\n\nAlso fix a harmless out-of-bounds read by copying only the original\ndescriptor size.",
"id": "GHSA-78q6-rmj2-p97w",
"modified": "2026-04-28T18:30:30Z",
"published": "2026-04-22T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31524"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2bad24c17742fc88973d6aea526ce1353f5334a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/726765b43deb2b4723869d673cc5fc6f7a3b2059"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/84724ac4821a160d47b84289adf139023027bdbb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a41cc7c1668e44ff2c2d36f9a6353253ffc43e3c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ede95cfcab8064d9a08813fbd7ed42cea8843dcf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f20f17cffbe34fb330267e0f8084f5565f807444"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-78W3-6J2R-H8RQ
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-07-16 00:00A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory.
{
"affected": [],
"aliases": [
"CVE-2021-1387"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-24T20:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory.",
"id": "GHSA-78w3-6j2r-h8rq",
"modified": "2022-07-16T00:00:30Z",
"published": "2022-05-24T17:42:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1387"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipv6-netstack-edXPGV7K"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.