CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-7M86-H2JR-VW87
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 03:30In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path
Commit 5940d1cf9f42 ("SUNRPC: Rebalance a kref in auth_gss.c") added a kref_get(&gss_auth->kref) call to balance the gss_put_auth() done in gss_release_msg(), but forgot to add a corresponding kref_put() on the error path when kstrdup_const() fails.
If service_name is non-NULL and kstrdup_const() fails, the function jumps to err_put_pipe_version which calls put_pipe_version() and kfree(gss_msg), but never releases the gss_auth reference. This leads to a kref leak where the gss_auth structure is never freed.
Add a forward declaration for gss_free_callback() and call kref_put() in the err_put_pipe_version error path to properly release the reference taken earlier.
{
"affected": [],
"aliases": [
"CVE-2026-45964"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix gss_auth kref leak in gss_alloc_msg error path\n\nCommit 5940d1cf9f42 (\"SUNRPC: Rebalance a kref in auth_gss.c\") added\na kref_get(\u0026gss_auth-\u003ekref) call to balance the gss_put_auth() done\nin gss_release_msg(), but forgot to add a corresponding kref_put()\non the error path when kstrdup_const() fails.\n\nIf service_name is non-NULL and kstrdup_const() fails, the function\njumps to err_put_pipe_version which calls put_pipe_version() and\nkfree(gss_msg), but never releases the gss_auth reference. This leads\nto a kref leak where the gss_auth structure is never freed.\n\nAdd a forward declaration for gss_free_callback() and call kref_put()\nin the err_put_pipe_version error path to properly release the\nreference taken earlier.",
"id": "GHSA-7m86-h2jr-vw87",
"modified": "2026-06-16T03:30:33Z",
"published": "2026-05-27T15:33:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45964"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b2b6c42070ce4204936288253baf101e995c2d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/655c9ba9915f05266998dbbf4b76b3c79b8a70aa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a1bc9561b617ec7e2d09e6c134d1db8fcf9ca4a6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a2d4e9a76de0b2178001214ba5de5bf94a7354aa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b559be2ec6cdb2e9c2c36c23fbbd4690d8a5c3f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c20f925214249bb4fc04f7e197bea142a6438af6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd2fdc3504592d85e549c523b054898a036a6afe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e464e26b2457005c87e158570498274b9f3b90c7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MCF-2F6V-594W
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-02 21:31In the Linux kernel, the following vulnerability has been resolved:
vdpasim: fix memory leak when freeing IOTLBs
After commit bda324fd037a ("vdpasim: control virtqueue support"), vdpasim->iommu became an array of IOTLB, so we should clean the mappings of each free one by one instead of just deleting the ranges in the first IOTLB which may leak maps.
{
"affected": [],
"aliases": [
"CVE-2022-50263"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:36Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpasim: fix memory leak when freeing IOTLBs\n\nAfter commit bda324fd037a (\"vdpasim: control virtqueue support\"),\nvdpasim-\u003eiommu became an array of IOTLB, so we should clean the\nmappings of each free one by one instead of just deleting the ranges\nin the first IOTLB which may leak maps.",
"id": "GHSA-7mcf-2f6v-594w",
"modified": "2025-12-02T21:31:25Z",
"published": "2025-09-15T15:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50263"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b7a04a30eef20e6b24926a45c0ce7906ae85bd6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16b22e27fba6fd816d0dcb98f42cc71f0836c27e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/54b210c90d2803a9f1c8fd2f0d08e90172e9a06d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MJF-5RRM-399R
Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2025-10-01 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/imagination: Break an object reference loop
When remaining resources are being cleaned up on driver close, outstanding VM mappings may result in resources being leaked, due to an object reference loop, as shown below, with each object (or set of objects) referencing the object below it:
PVR GEM Object
GPU scheduler "finished" fence
GPU scheduler “scheduled” fence
PVR driver “done” fence
PVR Context
PVR VM Context
PVR VM Mappings
PVR GEM Object
The reference that the PVR VM Context has on the VM mappings is a soft one, in the sense that the freeing of outstanding VM mappings is done as part of VM context destruction; no reference counts are involved, as is the case for all the other references in the loop.
To break the reference loop during cleanup, free the outstanding VM mappings before destroying the PVR Context associated with the VM context.
{
"affected": [],
"aliases": [
"CVE-2024-53084"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T18:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Break an object reference loop\n\nWhen remaining resources are being cleaned up on driver close,\noutstanding VM mappings may result in resources being leaked, due\nto an object reference loop, as shown below, with each object (or\nset of objects) referencing the object below it:\n\n PVR GEM Object\n GPU scheduler \"finished\" fence\n GPU scheduler \u201cscheduled\u201d fence\n PVR driver \u201cdone\u201d fence\n PVR Context\n PVR VM Context\n PVR VM Mappings\n PVR GEM Object\n\nThe reference that the PVR VM Context has on the VM mappings is a\nsoft one, in the sense that the freeing of outstanding VM mappings\nis done as part of VM context destruction; no reference counts are\ninvolved, as is the case for all the other references in the loop.\n\nTo break the reference loop during cleanup, free the outstanding\nVM mappings before destroying the PVR Context associated with the\nVM context.",
"id": "GHSA-7mjf-5rrm-399r",
"modified": "2025-10-01T21:30:37Z",
"published": "2024-11-19T18:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53084"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b04ce1e718bd55302b52d05d6873e233cb3ec7a1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cb86db12b290ed07d05df00d99fa150bb123e80e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MJX-Q39G-F9QC
Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-10-30 18:31In the Linux kernel, the following vulnerability has been resolved:
ovl: fix tmpfile leak
Missed an error cleanup.
{
"affected": [],
"aliases": [
"CVE-2023-53004"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T17:15:49Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix tmpfile leak\n\nMissed an error cleanup.",
"id": "GHSA-7mjx-q39g-f9qc",
"modified": "2025-10-30T18:31:04Z",
"published": "2025-03-27T18:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53004"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/baabaa505563362b71f2637aedd7b807d270656c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/caa0ea92503f8afa1941f6ac899e5c4e3f6ec8bb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MQ2-78WX-F53X
Vulnerability from github – Published: 2024-05-19 09:34 – Updated: 2025-09-24 21:30In the Linux kernel, the following vulnerability has been resolved:
tls: get psock ref after taking rxlock to avoid leak
At the start of tls_sw_recvmsg, we take a reference on the psock, and then call tls_rx_reader_lock. If that fails, we return directly without releasing the reference.
Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before.
{
"affected": [],
"aliases": [
"CVE-2024-35908"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-19T09:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: get psock ref after taking rxlock to avoid leak\n\nAt the start of tls_sw_recvmsg, we take a reference on the psock, and\nthen call tls_rx_reader_lock. If that fails, we return directly\nwithout releasing the reference.\n\nInstead of adding a new label, just take the reference after locking\nhas succeeded, since we don\u0027t need it before.",
"id": "GHSA-7mq2-78wx-f53x",
"modified": "2025-09-24T21:30:29Z",
"published": "2024-05-19T09:34:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35908"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/417e91e856099e9b8a42a2520e2255e6afe024be"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b565d294e3d5aa809566a4d819835da11997d8b3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1b7f14130d782433bc98c1e1e41ce6b4d4c3096"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MRH-GFR7-2P24
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-08 18:31In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: fix memory leak in error path of hci_alloc_dev()
Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory.
When device initialization fails before hci_register_dev() completes, the HCI_UNREGISTER flag is never set. As a result, when the device reference count reaches zero, bt_host_release() evaluates this flag as false and falls back to a direct kfree(hdev).
Because hci_release_dev() is bypassed, the SRCU struct initialized early in hci_alloc_dev() is never cleaned up, resulting in a leak of percpu memory.
Fix the leak by explicitly calling cleanup_srcu_struct() in the fallback (unregistered) branch of bt_host_release() before freeing the device.
{
"affected": [],
"aliases": [
"CVE-2026-53252"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: fix memory leak in error path of hci_alloc_dev()\n\nEarly failures in Bluetooth HCI UART configuration leak SRCU percpu\nmemory.\n\nWhen device initialization fails before hci_register_dev() completes,\nthe HCI_UNREGISTER flag is never set. As a result, when the device\nreference count reaches zero, bt_host_release() evaluates this flag as\nfalse and falls back to a direct kfree(hdev).\n\nBecause hci_release_dev() is bypassed, the SRCU struct initialized\nearly in hci_alloc_dev() is never cleaned up, resulting in a leak of\npercpu memory.\n\nFix the leak by explicitly calling cleanup_srcu_struct() in the\nfallback (unregistered) branch of bt_host_release() before freeing\nthe device.",
"id": "GHSA-7mrh-gfr7-2p24",
"modified": "2026-07-08T18:31:32Z",
"published": "2026-06-25T09:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53252"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0622e527a31d4b44737fed5c1a2ac1fc2cfb5184"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/37b3009bf5976e8ab77c8b9a9bc3bbd7ff49e37f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b7dfca6f852e6b9d809fd0263b5427cc9fb33fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bc2efe73c194a74839d7cf57b63880d97e21d309"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c016118b9e51eeaf5bc93850d4c455a3b583c0aa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce4b4cac3c5749b6aa75e62e2991ae2263f2f889"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f82799407a50af7bcacacf09cc9b279af8fe9b81"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7PGX-8VW6-GXGV
Vulnerability from github – Published: 2026-01-25 15:30 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: fix device leaks on compat bind and unbind
Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface.
{
"affected": [],
"aliases": [
"CVE-2025-71163"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-25T15:15:54Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix device leaks on compat bind and unbind\n\nMake sure to drop the reference taken when looking up the idxd device as\npart of the compat bind and unbind sysfs interface.",
"id": "GHSA-7pgx-8vw6-gxgv",
"modified": "2026-07-14T15:31:33Z",
"published": "2026-01-25T15:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71163"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c97ff108f825a70c3bb29d65ddf0a013d231bb9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/799900f01792cf8b525a44764f065f83fcafd468"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7226fd61def74b60dd8e47ec84cabafc39d575b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b2d077180a56e3b7c97b7517d0465b584adc693b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7bd948f89271c92d9ca9b2b682bfba56896e959"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c81ea0222eaaafdd77348e27d1e84a1b8cfc0c99"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7PXC-HV76-QWG9
Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
{
"affected": [],
"aliases": [
"CVE-2019-7397"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-05T00:29:00Z",
"severity": "HIGH"
},
"details": "In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.",
"id": "GHSA-7pxc-hv76-qwg9",
"modified": "2022-05-13T01:10:29Z",
"published": "2022-05-13T01:10:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7397"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1454"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4034-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4712"
},
{
"type": "WEB",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/11ad3aeb8ab1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106847"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7Q3W-F4RC-VR9M
Vulnerability from github – Published: 2025-05-19 03:30 – Updated: 2025-05-19 03:30In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.
Impact:
* This vulnerability affects APIs relying on ReadFileUtf8 on Node.js release lines: v20 and v22.
{
"affected": [],
"aliases": [
"CVE-2025-23122"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-19T02:15:17Z",
"severity": "LOW"
},
"details": "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\n\nImpact:\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.",
"id": "GHSA-7q3w-f4rc-vr9m",
"modified": "2025-05-19T03:30:29Z",
"published": "2025-05-19T03:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23122"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-7Q6X-5WQ3-W7MH
Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-04-21 00:00Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity.
{
"affected": [],
"aliases": [
"CVE-2022-23159"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-12T18:15:00Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity.",
"id": "GHSA-7q6x-5wq3-w7mh",
"modified": "2022-04-21T00:00:47Z",
"published": "2022-04-13T00:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23159"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/000196009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.