Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-C2GF-V879-257J

Vulnerability from github – Published: 2026-06-11 13:28 – Updated: 2026-07-10 12:31
VLAI
Summary
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
Details

Impact

The DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the appropriate decompression codec (gzip, deflate, zstd) and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled ByteBuf handed to an anonymous ChannelInboundHandlerAdapter tail handler, which becomes the sole owner responsible for releasing it.

A remote peer could send frames that would result in the flow-controller throwing and so trigger a resource leak which at the end might take down the whole JVM due OOME.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.1.134.Final"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-codec-http2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.135.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.2.14.Final"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-codec-http2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0.Alpha1"
            },
            {
              "fixed": "4.2.15.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-401",
      "CWE-772"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-11T13:28:46Z",
    "nvd_published_at": "2026-06-12T16:16:30Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe `DelegatingDecompressorFrameListener` class orchestrates HTTP/2 decompression by embedding a per-stream `EmbeddedChannel` that runs the appropriate decompression codec (gzip, deflate, zstd) and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled `ByteBuf` handed to an anonymous `ChannelInboundHandlerAdapter` tail handler, which becomes the sole owner responsible for releasing it.\n\nA remote peer could send frames that would result in the flow-controller throwing and so trigger a resource leak which at the end might take down the whole JVM due OOME.",
  "id": "GHSA-c2gf-v879-257j",
  "modified": "2026-07-10T12:31:39Z",
  "published": "2026-06-11T13:28:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/security/advisories/GHSA-c2gf-v879-257j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48043"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26017"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26018"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26586"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:34608"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36820"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37390"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-48043"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488442"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/netty/netty"
    },
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
    },
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48043.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion"
}

GHSA-C2J9-M677-3M66

Vulnerability from github – Published: 2022-03-19 00:01 – Updated: 2022-03-26 00:00
VLAI
Details

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0742"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-18T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.",
  "id": "GHSA-c2j9-m677-3m66",
  "modified": "2022-03-26T00:00:49Z",
  "published": "2022-03-19T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0742"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d3916f3189172d5c69d33065c3c21119fe539fc"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220425-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2022/03/15/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C2P4-PRC5-V3MC

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-10 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

cxl/region: Fix cxl_region leak, cleanup targets at region delete

When a region is deleted any targets that have been previously assigned to that region hold references to it. Trigger those references to drop by detaching all targets at unregister_region() time.

Otherwise that region object will leak as userspace has lost the ability to detach targets once region sysfs is torn down.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49893"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix cxl_region leak, cleanup targets at region delete\n\nWhen a region is deleted any targets that have been previously assigned\nto that region hold references to it. Trigger those references to\ndrop by detaching all targets at unregister_region() time.\n\nOtherwise that region object will leak as userspace has lost the ability\nto detach targets once region sysfs is torn down.",
  "id": "GHSA-c2p4-prc5-v3mc",
  "modified": "2025-11-10T21:30:29Z",
  "published": "2025-05-01T15:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49893"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d9e734018d70cecf79e2e4c6082167160a0f13f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/45d9fb4b758b9d602ee7776eb6754b0349946aad"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C2PC-4WW4-M54P

Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-14 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init

If the function sdma_load_context() fails, the sdma_desc will be freed, but the allocated desc->bd is forgot to be freed.

We already met the sdma_load_context() failure case and the log as below: [ 450.699064] imx-sdma 30bd0000.dma-controller: Timeout waiting for CH0 ready ...

In this case, the desc->bd will not be freed without this change.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49746"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-27T17:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init\n\nIf the function sdma_load_context() fails, the sdma_desc will be\nfreed, but the allocated desc-\u003ebd is forgot to be freed.\n\nWe already met the sdma_load_context() failure case and the log as\nbelow:\n[ 450.699064] imx-sdma 30bd0000.dma-controller: Timeout waiting for CH0 ready\n...\n\nIn this case, the desc-\u003ebd will not be freed without this change.",
  "id": "GHSA-c2pc-4ww4-m54p",
  "modified": "2025-04-14T21:32:23Z",
  "published": "2025-03-27T18:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49746"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1417f59ac0b02130ee56c0c50794b9b257be3d17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43acd767bd90c5d4172ce7fee5d9007a9a08dea9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/80ee99e52936b2c04cc37b17a14b2ae2f9d282ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd0050b7ffa87c7b260d563646af612f4112a778"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ce4745a6b8016fae74c95dcd457d4ceef7d98af1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dbe634ce824329d8f14079c3e9f8f11670894bec"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C2R2-MGHM-QQ3M

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1598"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-08T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
  "id": "GHSA-c2r2-mghm-qq3m",
  "modified": "2022-05-24T19:07:10Z",
  "published": "2022-05-24T19:07:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1598"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-C2RV-8J84-953P

Vulnerability from github – Published: 2024-11-07 12:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: systemport: fix potential memory leak in bcm_sysport_xmit()

The bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb in case of dma_map_single() fails, add dev_kfree_skb() to fix it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50171"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-07T10:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: systemport: fix potential memory leak in bcm_sysport_xmit()\n\nThe bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb\nin case of dma_map_single() fails, add dev_kfree_skb() to fix it.",
  "id": "GHSA-c2rv-8j84-953p",
  "modified": "2025-11-04T00:31:57Z",
  "published": "2024-11-07T12:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50171"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31701ef0c4547973991ff63596c927f841dfd133"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b70478b984af3c9d0279c121df5ff94e2533dbd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/533d2f30aef272dade17870a509521c3afc38a03"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5febfc545389805ce83d37f9f4317055b26dd7d7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7d5030a819c3589cf9948b1eee397b626ec590f5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e81ce7d0166a2249deb6d5e42f28a8b8c9ea72f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b6321146773dcbbc372a54dbada67e0b50e0a25c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c401ed1c709948e57945485088413e1bb5e94bd1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C2VF-6G7V-8M6C

Vulnerability from github – Published: 2025-07-10 18:31 – Updated: 2025-11-05 00:31
VLAI
Details

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.

This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.

Users are recommended to upgrade to version 2.4.64, which fixes the issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T17:15:48Z",
    "severity": "HIGH"
  },
  "details": "Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.\n\nUsers are recommended to upgrade to version 2.4.64, which fixes the issue.",
  "id": "GHSA-c2vf-6g7v-8m6c",
  "modified": "2025-11-05T00:31:20Z",
  "published": "2025-07-10T18:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53020"
    },
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/07/10/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C38F-WX89-P2XG

Vulnerability from github – Published: 2026-05-12 22:25 – Updated: 2026-06-08 23:53
VLAI
Summary
UltraJSON has a Memory Leak in ujson.dump() on Write Failure
Details

Summary

When ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload.

Code that uses ujson.dumps() rather than ujson.dump() or only JSON load/decode methods is unaffected.

Details

Vulnerability Location: - src/ujson/python/objToJSON.c:913 - objToJSONFile() function start - src/ujson/python/objToJSON.c:931 - Error return on write failure - src/ujson/python/objToJSON.c:942 - Early return without cleanup

Root Cause:

The objToJSONFile() function allocates a Python string object via ujson_dumps_internal(), calls the file's write() method, and returns early if write() raises an exception—but never calls Py_DECREF(string) on the early exit path.

PoC

import gc, tracemalloc, ujson

class BadFile:
    def write(self, s):
        raise RuntimeError("boom")

obj = {"x": "A" * 200000}

def run():
    try:
        ujson.dump(obj, BadFile())
    except RuntimeError:
        pass

run()
tracemalloc.start()
gc.collect()
base = tracemalloc.get_traced_memory()[0]

for i in range(5):
    run()
    gc.collect()
    cur = tracemalloc.get_traced_memory()[0]
    print(i, cur - base)

Impact

Any application that serializes data through ujson.dump() to an attacker-influenced file-like object that can fail can be driven into linear memory growth. An attacker can quickly use up all the memory of say a web server that sends JSON responses using ujson.dump() by repeatedly making requests then closing the connection mid response.

Remediation

The missing dec-refs were added in 82af1d0ac01d09aa40c887b460d44b9d9f4bccd9. We recommend upgrading to UltraJSON 5.12.1.

Workarounds

Replacing ujson.dump(obj, file) with file.write(ujson.dumps(obj)) is equivalent (contrary to popular misconception, there are no streaming benefits to using ujson.dump()) and will avoid the memory leak.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.12.0"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "ujson"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.12.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44660"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-12T22:25:11Z",
    "nvd_published_at": "2026-05-27T21:16:17Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nWhen `ujson.dump()` writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload.\n\nCode that uses `ujson.dumps()` rather than `ujson.dump()` or only JSON load/decode methods is unaffected.\n\n### Details\n\n**Vulnerability Location:**\n- `src/ujson/python/objToJSON.c:913` - `objToJSONFile()` function start\n- `src/ujson/python/objToJSON.c:931` - Error return on write failure\n- `src/ujson/python/objToJSON.c:942` - Early return without cleanup\n \n**Root Cause:**\n\nThe `objToJSONFile()` function allocates a Python string object via `ujson_dumps_internal()`, calls the file\u0027s `write()` method, and returns early if `write()` raises an exception\u2014but never calls `Py_DECREF(string)` on the early exit path.\n\n### PoC\n```python\nimport gc, tracemalloc, ujson\n\nclass BadFile:\n    def write(self, s):\n        raise RuntimeError(\"boom\")\n\nobj = {\"x\": \"A\" * 200000}\n\ndef run():\n    try:\n        ujson.dump(obj, BadFile())\n    except RuntimeError:\n        pass\n\nrun()\ntracemalloc.start()\ngc.collect()\nbase = tracemalloc.get_traced_memory()[0]\n\nfor i in range(5):\n    run()\n    gc.collect()\n    cur = tracemalloc.get_traced_memory()[0]\n    print(i, cur - base)\n```\n\n### Impact\n\nAny application that serializes data through `ujson.dump()` to an attacker-influenced file-like object that can fail can be driven into linear memory growth. An attacker can quickly use up all the memory of say a web server that sends JSON responses using `ujson.dump()` by repeatedly making requests then closing the connection mid response.\n\n### Remediation\n\nThe missing dec-refs were added in 82af1d0ac01d09aa40c887b460d44b9d9f4bccd9. We recommend upgrading to [UltraJSON 5.12.1](https://github.com/ultrajson/ultrajson/releases/tag/5.12.1).\n\n### Workarounds\n\nReplacing `ujson.dump(obj, file)` with `file.write(ujson.dumps(obj))` is equivalent (contrary to popular misconception, there are no streaming benefits to using `ujson.dump()`) and will avoid the memory leak.",
  "id": "GHSA-c38f-wx89-p2xg",
  "modified": "2026-06-08T23:53:55Z",
  "published": "2026-05-12T22:25:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ultrajson/ultrajson/security/advisories/GHSA-c38f-wx89-p2xg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44660"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ultrajson/ultrajson/commit/82af1d0ac01d09aa40c887b460d44b9d9f4bccd9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ultrajson/ultrajson"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ultrajson/ultrajson/releases/tag/5.12.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "UltraJSON has a Memory Leak in ujson.dump() on Write Failure"
}

GHSA-C3CM-22V6-7J92

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: hinic: fix the issue of CMDQ memory leaks

When hinic_set_cmdq_depth() fails in hinic_init_cmdqs(), the cmdq memory is not released correctly. Fix it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50387"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:37Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hinic: fix the issue of CMDQ memory leaks\n\nWhen hinic_set_cmdq_depth() fails in hinic_init_cmdqs(), the cmdq memory is\nnot released correctly. Fix it.",
  "id": "GHSA-c3cm-22v6-7j92",
  "modified": "2025-12-11T21:31:26Z",
  "published": "2025-09-18T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50387"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/363cc87767f6ddcfb9158ad2e2afa2f8d5c4b94e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6016d96a6adf66d61655d85da02e1a4c1deccbd6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6603843c80b16957f5d7d14d897faf13cef2b8b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9145d512ddff76df88832b29575488199df544a1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C44C-V227-HV3Q

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-25 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-pf: Fix potential memory leak in otx2_init_tc()

In otx2_init_tc(), if rhashtable_init() failed, it does not free tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48968"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T20:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential memory leak in otx2_init_tc()\n\nIn otx2_init_tc(), if rhashtable_init() failed, it does not free\ntc-\u003etc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap().",
  "id": "GHSA-c44c-v227-hv3q",
  "modified": "2024-10-25T21:31:27Z",
  "published": "2024-10-21T21:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48968"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/db5ec358cf4ef0ab382ee733d05f018e8bef9462"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eefd8953a74822cb72006632b9ee9dd95f92c146"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fbf33f5ac76f2cdb47ad9763f620026d5cfa57ce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.