Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-M889-2HFP-9M7J

Vulnerability from github – Published: 2025-09-16 18:31 – Updated: 2025-12-02 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()

If device_register() returns error in tifm_7xx1_switch_media(), name of kobject which is allocated in dev_set_name() called in device_add() is leaked.

Never directly free @dev after calling device_register(), even if it returned an error! Always use put_device() to give up the reference initialized.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50349"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T17:15:34Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: tifm: fix possible memory leak in tifm_7xx1_switch_media()\n\nIf device_register() returns error in tifm_7xx1_switch_media(),\nname of kobject which is allocated in dev_set_name() called in device_add()\nis leaked.\n\nNever directly free @dev after calling device_register(), even\nif it returned an error! Always use put_device() to give up the\nreference initialized.",
  "id": "GHSA-m889-2hfp-9m7j",
  "modified": "2025-12-02T00:31:10Z",
  "published": "2025-09-16T18:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50349"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1695b1adcc3a7d985cd22fa3b55761edf3fab50d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2bbb222a54ff501f77ce593d21b76b79c905045e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35abbc8406cc39e72d3ce85f6e869555afe50d54"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/57c857353d5020bdec8284d9c0fee447484fe5e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/848c45964ded537107e010aaf353aa30a0855387"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d861b7d41b17942b337d4b87a70de7cd1dc44d4e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee2715faf7e7153f5142ed09aacfa89a64d45dcb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef843ee20576039126d34d6eb5f45d14c3e6ce18"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd2c930cf6a5b9176382c15f9acb1996e76e25ad"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M8R8-3226-6WP8

Vulnerability from github – Published: 2023-08-24 09:30 – Updated: 2025-11-04 00:30
VLAI
Details

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4513"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-24T07:15:12Z",
    "severity": "HIGH"
  },
  "details": "BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file",
  "id": "GHSA-m8r8-3226-6wp8",
  "modified": "2025-11-04T00:30:39Z",
  "published": "2023-08-24T09:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4513"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/19259"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2023-25.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M8W5-V3R7-7546

Vulnerability from github – Published: 2024-05-20 12:30 – Updated: 2024-06-03 18:56
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()

If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly immediately after allocation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-20T10:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()\n\nIf ulp = kzalloc() fails, the allocated edev will leak because it is\nnot properly assigned and the cleanup path will not be able to free it.\nFix it by assigning it properly immediately after allocation.",
  "id": "GHSA-m8w5-v3r7-7546",
  "modified": "2024-06-03T18:56:15Z",
  "published": "2024-05-20T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35972"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/10a9d6a7513f93d7faffcb341af0aa42be8218fe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ac10c7d728d75bc9daaa8fade3c7a3273b9a9ff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c60ed825530b8c0cc2b524efd39b1d696ec54004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M978-F9GM-GJ2J

Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-10 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()

Two bugs exist in the vCPU initialisation path:

  1. If a check fails after hyp_pin_shared_mem() succeeds, the cleanup path jumps to 'unlock' without calling unpin_host_vcpu() or unpin_host_sve_state(), permanently leaking pin references on the host vCPU and SVE state pages.

Extract a register_hyp_vcpu() helper that performs the checks and the store. When register_hyp_vcpu() returns an error, call unpin_host_vcpu() and unpin_host_sve_state() inline before falling through to the existing 'unlock' label.

  1. register_hyp_vcpu() publishes the new vCPU pointer into 'hyp_vm->vcpus[]' with a bare store, allowing a concurrent caller of pkvm_load_hyp_vcpu() to observe a partially initialised vCPU object.

Ensure the store uses smp_store_release() and the load uses smp_load_acquire(). While 'vm_table_lock' currently serialises the store and the load, these barriers ensure the reader sees the fully initialised 'hyp_vcpu' object even if there were a lockless path or if the lock's own ordering guarantees were insufficient for nested object initialization.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46147"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T10:16:30Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()\n\nTwo bugs exist in the vCPU initialisation path:\n\n1. If a check fails after hyp_pin_shared_mem() succeeds, the cleanup\n   path jumps to \u0027unlock\u0027 without calling unpin_host_vcpu() or\n   unpin_host_sve_state(), permanently leaking pin references on the\n   host vCPU and SVE state pages.\n\n   Extract a register_hyp_vcpu() helper that performs the checks and\n   the store. When register_hyp_vcpu() returns an error, call\n   unpin_host_vcpu() and unpin_host_sve_state() inline before falling\n   through to the existing \u0027unlock\u0027 label.\n\n2. register_hyp_vcpu() publishes the new vCPU pointer into\n   \u0027hyp_vm-\u003evcpus[]\u0027 with a bare store, allowing a concurrent caller\n   of pkvm_load_hyp_vcpu() to observe a partially initialised vCPU\n   object.\n\n   Ensure the store uses smp_store_release() and the load uses\n   smp_load_acquire(). While \u0027vm_table_lock\u0027 currently serialises the\n   store and the load, these barriers ensure the reader sees the fully\n   initialised \u0027hyp_vcpu\u0027 object even if there were a lockless path or\n   if the lock\u0027s own ordering guarantees were insufficient for nested\n   object initialization.",
  "id": "GHSA-m978-f9gm-gj2j",
  "modified": "2026-06-10T21:31:24Z",
  "published": "2026-05-28T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46147"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d69c0ed978f7f0efd053fc98390f25ab77c1aea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/73b9c1e5da84cd69b1a86e374e450817cd051371"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7d3c27b54253cda91dc4d2c1bfc109c490837ab9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M97Q-C3XF-55XF

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-26 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix fget leak when fs don't support nowait buffered read

Heming reported a BUG when using io_uring doing link-cp on ocfs2. [1]

Do the following steps can reproduce this BUG: mount -t ocfs2 /dev/vdc /mnt/ocfs2 cp testfile /mnt/ocfs2/ ./link-cp /mnt/ocfs2/testfile /mnt/ocfs2/testfile.1 umount /mnt/ocfs2

Then umount will fail, and it outputs: umount: /mnt/ocfs2: target is busy.

While tracing umount, it blames mnt_get_count() not return as expected. Do a deep investigation for fget()/fput() on related code flow, I've finally found that fget() leaks since ocfs2 doesn't support nowait buffered read.

io_issue_sqe |-io_assign_file // do fget() first |-io_read |-io_iter_do_read |-ocfs2_file_read_iter // return -EOPNOTSUPP |-kiocb_done |-io_rw_done |-__io_complete_rw_common // set REQ_F_REISSUE |-io_resubmit_prep |-io_req_prep_async // override req->file, leak happens

This was introduced by commit a196c78b5443 in v5.18. Fix it by don't re-assign req->file if it has already been assigned.

[1] https://lore.kernel.org/ocfs2-devel/ab580a75-91c8-d68a-3455-40361be1bfa8@linux.alibaba.com/T/#t

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:55Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix fget leak when fs don\u0027t support nowait buffered read\n\nHeming reported a BUG when using io_uring doing link-cp on ocfs2. [1]\n\nDo the following steps can reproduce this BUG:\nmount -t ocfs2 /dev/vdc /mnt/ocfs2\ncp testfile /mnt/ocfs2/\n./link-cp /mnt/ocfs2/testfile /mnt/ocfs2/testfile.1\numount /mnt/ocfs2\n\nThen umount will fail, and it outputs:\numount: /mnt/ocfs2: target is busy.\n\nWhile tracing umount, it blames mnt_get_count() not return as expected.\nDo a deep investigation for fget()/fput() on related code flow, I\u0027ve\nfinally found that fget() leaks since ocfs2 doesn\u0027t support nowait\nbuffered read.\n\nio_issue_sqe\n|-io_assign_file  // do fget() first\n  |-io_read\n  |-io_iter_do_read\n    |-ocfs2_file_read_iter  // return -EOPNOTSUPP\n  |-kiocb_done\n    |-io_rw_done\n      |-__io_complete_rw_common  // set REQ_F_REISSUE\n    |-io_resubmit_prep\n      |-io_req_prep_async  // override req-\u003efile, leak happens\n\nThis was introduced by commit a196c78b5443 in v5.18. Fix it by don\u0027t\nre-assign req-\u003efile if it has already been assigned.\n\n[1] https://lore.kernel.org/ocfs2-devel/ab580a75-91c8-d68a-3455-40361be1bfa8@linux.alibaba.com/T/#t",
  "id": "GHSA-m97q-c3xf-55xf",
  "modified": "2026-01-26T21:30:30Z",
  "published": "2025-10-01T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53511"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/10fb2e16ee6ffaf1716b9e90d007e6b300bfa457"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54aa7f2330b82884f4a1afce0220add6e8312f8b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75a499fc9d66a32271e2b3e4ca71156e8ad3b484"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M97V-XGPV-4JW8

Vulnerability from github – Published: 2022-05-04 00:00 – Updated: 2022-05-10 00:00
VLAI
Details

OMPL v1.5.2 contains a memory leak in VFRRT.cpp

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-03T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "OMPL v1.5.2 contains a memory leak in VFRRT.cpp",
  "id": "GHSA-m97v-xgpv-4jw8",
  "modified": "2022-05-10T00:00:28Z",
  "published": "2022-05-04T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42218"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ompl/ompl/issues/839"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9C8-445C-MWFR

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/mempolicy: fix memory leak in set_mempolicy_home_node system call

When encountering any vma in the range with policy other than MPOL_BIND or MPOL_PREFERRED_MANY, an error is returned without issuing a mpol_put on the policy just allocated with mpol_dup().

This allows arbitrary users to leak kernel memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50391"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix memory leak in set_mempolicy_home_node system call\n\nWhen encountering any vma in the range with policy other than MPOL_BIND or\nMPOL_PREFERRED_MANY, an error is returned without issuing a mpol_put on\nthe policy just allocated with mpol_dup().\n\nThis allows arbitrary users to leak kernel memory.",
  "id": "GHSA-m9c8-445c-mwfr",
  "modified": "2025-12-11T21:31:26Z",
  "published": "2025-09-18T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50391"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ce4cc6d269ddc448a825955b495f662f5d9e153"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/38ce7c9bdfc228c14d7621ba36d3eebedd9d4f76"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ca0eb6b2f3add8c5daefb726ce57dc95d103d33"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MC2X-3VPX-WFRG

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-06 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: fix memory leak in WMI firmware stats

Memory allocated for firmware pdev, vdev and beacon statistics are not released during rmmod.

Fix it by calling ath11k_fw_stats_free() function before hardware unregister.

While at it, avoid calling ath11k_fw_stats_free() while processing the firmware stats received in the WMI event because the local list is getting spliced and reinitialised and hence there are no elements in the list after splicing.

Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:56Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix memory leak in WMI firmware stats\n\nMemory allocated for firmware pdev, vdev and beacon statistics\nare not released during rmmod.\n\nFix it by calling ath11k_fw_stats_free() function before hardware\nunregister.\n\nWhile at it, avoid calling ath11k_fw_stats_free() while processing\nthe firmware stats received in the WMI event because the local list\nis getting spliced and reinitialised and hence there are no elements\nin the list after splicing.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
  "id": "GHSA-mc2x-3vpx-wfrg",
  "modified": "2026-02-06T15:30:59Z",
  "published": "2025-10-04T18:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53602"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55248d36beb79d3a61c9fb3122dc377fff523c89"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6aafa1c2d3e3fea2ebe84c018003f2a91722e607"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/86f9330a49d1464849482298dd34d361859183eb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MCF4-JWP6-459X

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03
VLAI
Details

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-22042"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-01T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c.",
  "id": "GHSA-mcf4-jwp6-459x",
  "modified": "2022-05-24T19:03:41Z",
  "published": "2022-05-24T19:03:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
    },
    {
      "type": "WEB",
      "url": "https://trac.ffmpeg.org/ticket/8267"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4998"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MCXF-4RJ7-VPF7

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31256"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-19T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.",
  "id": "GHSA-mcxf-4rj7-vpf7",
  "modified": "2022-05-24T17:47:51Z",
  "published": "2022-05-24T17:47:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31256"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1705"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.