Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-8JQ9-V6Q2-FRCJ

Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-08-06 00:00
VLAI
Details

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1251"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-08T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
  "id": "GHSA-8jq9-v6q2-frcj",
  "modified": "2022-08-06T00:00:40Z",
  "published": "2022-05-24T17:46:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1251"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M49-9G53-W72P

Vulnerability from github – Published: 2025-09-23 18:30 – Updated: 2025-09-23 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()

The error handling path of the probe releases a resource that is not freed in the remove function. In some cases, a ioremap() must be undone.

Add the missing iounmap() call in the remove function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49095"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:46Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()\n\nThe error handling path of the probe releases a resource that is not freed\nin the remove function. In some cases, a ioremap() must be undone.\n\nAdd the missing iounmap() call in the remove function.",
  "id": "GHSA-8m49-9g53-w72p",
  "modified": "2025-09-23T18:30:20Z",
  "published": "2025-09-23T18:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49095"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16ed828b872d12ccba8f07bcc446ae89ba662f9c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e0c01319dedf1e63ec5df37ead048e17afd92ba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/34a47f7ddb4fd1cbd12397aa6f7dad1de08b4050"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a845c678e094894f38cc9526d212b21933ce44c7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aefd755a96051aa56b198cb7ecd168b22ba384f6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5f77b595379b5191316edd365a542f8b1526066"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ce430cfad6a5385d5b7f7c1dc3fa50f10abfd41b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/db863ab2baf058ed05c7b723612e3c40c9dd6885"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de6aee0978f164d3d0c771ce03e3066a26c371c5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8MJ9-585G-24HV

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: call op_release, even when op_func returns an error

For ops with "trivial" replies, nfsd4_encode_operation will shortcut most of the encoding work and skip to just marshalling up the status. One of the things it skips is calling op_release. This could cause a memory leak in the layoutget codepath if there is an error at an inopportune time.

Have the compound processing engine always call op_release, even when op_func sets an error in op->status. With this change, we also need nfsd4_block_get_device_info_scsi to set the gd_device pointer to NULL on error to avoid a double free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53241"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:51Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: call op_release, even when op_func returns an error\n\nFor ops with \"trivial\" replies, nfsd4_encode_operation will shortcut\nmost of the encoding work and skip to just marshalling up the status.\nOne of the things it skips is calling op_release. This could cause a\nmemory leak in the layoutget codepath if there is an error at an\ninopportune time.\n\nHave the compound processing engine always call op_release, even when\nop_func sets an error in op-\u003estatus. With this change, we also need\nnfsd4_block_get_device_info_scsi to set the gd_device pointer to NULL\non error to avoid a double free.",
  "id": "GHSA-8mj9-585g-24hv",
  "modified": "2025-12-03T21:31:00Z",
  "published": "2025-09-15T15:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53241"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/15a8b55dbb1ba154d82627547c5761cac884d810"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d0dcada384af22dec764c8374a2997870ec86ae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65a33135e91e6dd661ecdf1194b9d90c49ae3570"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b11d8162c24af4a351d21e2c804d25ca493305e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b623a8e5d38a69a3ef8644acb1030dd7c7bc28b3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8MXQ-7XR7-2FXJ

Vulnerability from github – Published: 2026-04-03 21:42 – Updated: 2026-04-06 23:10
VLAI
Summary
LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)
Details

Summary

The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a denial of service.

Patches

  • upgrade jupyterhub-litauthenticator to 1.6.3
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.6.2"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterhub-ltiauthenticator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-03T21:42:35Z",
    "nvd_published_at": "2026-04-03T23:17:03Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nThe LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a denial of service.\n\n## Patches\n\n- upgrade jupyterhub-litauthenticator to 1.6.3",
  "id": "GHSA-8mxq-7xr7-2fxj",
  "modified": "2026-04-06T23:10:01Z",
  "published": "2026-04-03T21:42:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jupyterhub/ltiauthenticator/security/advisories/GHSA-8mxq-7xr7-2fxj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34052"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jupyterhub/ltiauthenticator"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyterhub/ltiauthenticator/releases/tag/1.6.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)"
}

GHSA-8P4G-7VVJ-G5R6

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mISDN: fix possible memory leak in mISDN_register_device()

Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, add put_device() to give up the reference, so that the name can be freed in kobject_cleanup() when the refcount is 0.

Set device class before put_device() to avoid null release() function WARN message in device_release().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:16Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix possible memory leak in mISDN_register_device()\n\nAfer commit 1fa5ae857bb1 (\"driver core: get rid of struct device\u0027s\nbus_id string array\"), the name of device is allocated dynamically,\nadd put_device() to give up the reference, so that the name can be\nfreed in kobject_cleanup() when the refcount is 0.\n\nSet device class before put_device() to avoid null release() function\nWARN message in device_release().",
  "id": "GHSA-8p4g-7vvj-g5r6",
  "modified": "2025-05-07T15:31:26Z",
  "published": "2025-05-01T15:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49915"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/029d5b7688a2f3a86f2a3be5a6ba9cc968c80e41"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/080aabfb29b2ee9cbb8894a1d039651943d3773e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d4e91efcaee081e919b3c50e875ecbb84290e41"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ff6b669523d3b3d253a044fa9636a67d0694995"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a636fc5a7cabd05699b5692ad838c2c7a3abec7b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d1d1aede313eb2b9a84afd60ff6cfb7c33631e0e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e77d213843e67b4373285712699b692f9c743f61"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7d1d4d9ac0dfa40be4c2c8abd0731659869b297"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8P4Q-63F6-RQFP

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

block: Fix possible memory leak for rq_wb on add_disk failure

kmemleak reported memory leaks in device_add_disk():

kmemleak: 3 new suspected memory leaks

unreferenced object 0xffff88800f420800 (size 512): comm "modprobe", pid 4275, jiffies 4295639067 (age 223.512s) hex dump (first 32 bytes): 04 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 ................ 00 e1 f5 05 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000d3662699>] kmalloc_trace+0x26/0x60 [<00000000edc7aadc>] wbt_init+0x50/0x6f0 [<0000000069601d16>] wbt_enable_default+0x157/0x1c0 [<0000000028fc393f>] blk_register_queue+0x2a4/0x420 [<000000007345a042>] device_add_disk+0x6fd/0xe40 [<0000000060e6aab0>] nbd_dev_add+0x828/0xbf0 [nbd] ...

It is because the memory allocated in wbt_enable_default() is not released in device_add_disk() error path. Normally, these memory are freed in:

del_gendisk() rq_qos_exit() rqos->ops->exit(rqos); wbt_exit()

So rq_qos_exit() is called to free the rq_wb memory for wbt_init(). However in the error path of device_add_disk(), only blk_unregister_queue() is called and make rq_wb memory leaked.

Add rq_qos_exit() to the error path to fix it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49902"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix possible memory leak for rq_wb on add_disk failure\n\nkmemleak reported memory leaks in device_add_disk():\n\nkmemleak: 3 new suspected memory leaks\n\nunreferenced object 0xffff88800f420800 (size 512):\n  comm \"modprobe\", pid 4275, jiffies 4295639067 (age 223.512s)\n  hex dump (first 32 bytes):\n    04 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00  ................\n    00 e1 f5 05 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c00000000d3662699\u003e] kmalloc_trace+0x26/0x60\n    [\u003c00000000edc7aadc\u003e] wbt_init+0x50/0x6f0\n    [\u003c0000000069601d16\u003e] wbt_enable_default+0x157/0x1c0\n    [\u003c0000000028fc393f\u003e] blk_register_queue+0x2a4/0x420\n    [\u003c000000007345a042\u003e] device_add_disk+0x6fd/0xe40\n    [\u003c0000000060e6aab0\u003e] nbd_dev_add+0x828/0xbf0 [nbd]\n    ...\n\nIt is because the memory allocated in wbt_enable_default() is not\nreleased in device_add_disk() error path.\nNormally, these memory are freed in:\n\ndel_gendisk()\n  rq_qos_exit()\n    rqos-\u003eops-\u003eexit(rqos);\n      wbt_exit()\n\nSo rq_qos_exit() is called to free the rq_wb memory for wbt_init().\nHowever in the error path of device_add_disk(), only\nblk_unregister_queue() is called and make rq_wb memory leaked.\n\nAdd rq_qos_exit() to the error path to fix it.",
  "id": "GHSA-8p4q-63f6-rqfp",
  "modified": "2025-05-07T15:31:26Z",
  "published": "2025-05-01T15:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49902"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4e68c5da60cd79950bd56287ae80b39d6261f995"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/528677d3b4af985445bd4ac667485ded1ed11220"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa81cbafbf5764ad5053512152345fab37a1fe18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8P5W-GVHJ-24MG

Vulnerability from github – Published: 2022-10-01 00:00 – Updated: 2022-10-04 00:00
VLAI
Details

An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream, char const, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-41847"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-30T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*\u0026) in System/StdC/Ap4StdCFileByteStream.cpp.",
  "id": "GHSA-8p5w-gvhj-24mg",
  "modified": "2022-10-04T00:00:18Z",
  "published": "2022-10-01T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41847"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/750"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/759"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/775"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PJM-37V5-RW5H

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

rust: pwm: Fix potential memory leak on init error

When initializing a PWM chip using pwmchip_alloc(), the allocated device owns an initial reference that must be released on all error paths.

If __pinned_init() were to fail, the allocated pwm_chip would currently leak because the error path returns without calling pwmchip_put().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45926"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrust: pwm: Fix potential memory leak on init error\n\nWhen initializing a PWM chip using pwmchip_alloc(), the allocated device\nowns an initial reference that must be released on all error paths.\n\nIf __pinned_init() were to fail, the allocated pwm_chip would currently\nleak because the error path returns without calling pwmchip_put().",
  "id": "GHSA-8pjm-37v5-rw5h",
  "modified": "2026-06-25T15:31:43Z",
  "published": "2026-05-27T15:33:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45926"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a2633dc243c35754a0c2270131d8a199c987c9bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/baa8b7097d9cc68ff85819cf683972a58c2ce32b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PRJ-GX2P-FGX6

Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak

Free the memory allocated in v4l2_ctrl_handler_init on release.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T13:15:51Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx: csc/scaler: fix v4l2_ctrl_handler memory leak\n\nFree the memory allocated in v4l2_ctrl_handler_init on release.",
  "id": "GHSA-8prj-gx2p-fgx6",
  "modified": "2026-05-12T12:31:45Z",
  "published": "2024-05-01T15:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27076"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42492b00156c03a79fd4851190aa63045d6a15ce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4797a3dd46f220e6d83daf54d70c5b33db6deb01"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d9fe604bf9b5b09d2215225df55f22a4cbbc684"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6c92224721a439d6350db5933a1060768dcd565e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8c2e4efe1278cd2b230cdbf90a6cefbf00acc282"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8df9a3c7044b847e9c4dc7e683fd64c6b873f328"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b1d0eebaf87cc9ccd05f779ec4a0589f95d6c18b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d164ddc21e986dd9ad614b4b01746e5457aeb24f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PV7-V3JW-C4MR

Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-06-29 00:00
VLAI
Details

rudp v0.6 was discovered to contain a memory leak in the component main.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-20665"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-30T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "rudp v0.6 was discovered to contain a memory leak in the component main.c.",
  "id": "GHSA-8pv7-v3jw-c4mr",
  "modified": "2022-06-29T00:00:30Z",
  "published": "2022-05-24T19:16:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20665"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudwu/rudp/issues/6"
    },
    {
      "type": "WEB",
      "url": "https://cwe.mitre.org/data/definitions/401.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.