Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-PXFH-R844-6C2M

Vulnerability from github – Published: 2025-08-14 18:31 – Updated: 2025-08-14 18:31
VLAI
Details

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition.

This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-14T17:15:38Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition.\n\n This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition.",
  "id": "GHSA-pxfh-r844-6c2m",
  "modified": "2025-08-14T18:31:30Z",
  "published": "2025-08-14T18:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20252"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-DOESHWHy"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PXHH-R266-QRHG

Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2022-05-24 22:00
VLAI
Details

ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-16712"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-23T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.",
  "id": "GHSA-pxhh-r266-qrhg",
  "modified": "2022-05-24T22:00:42Z",
  "published": "2022-05-24T22:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16712"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/1557"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PXRF-VJ27-HG76

Vulnerability from github – Published: 2025-05-05 18:32 – Updated: 2025-11-03 21:33
VLAI
Details

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user, under non default configurations, to cause a denial of service due to insufficient release of allocated memory after usage.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1992"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-05T17:18:46Z",
    "severity": "MODERATE"
  },
  "details": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user, under non default configurations, to cause a denial of service due to insufficient release of allocated memory after usage.",
  "id": "GHSA-pxrf-vj27-hg76",
  "modified": "2025-11-03T21:33:47Z",
  "published": "2025-05-05T18:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1992"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250516-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7232515"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PXV4-XVVX-325J

Vulnerability from github – Published: 2025-09-16 18:31 – Updated: 2025-12-10 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

caif: fix memory leak in cfctrl_linkup_request()

When linktype is unknown or kzalloc failed in cfctrl_linkup_request(), pkt is not released. Add release process to error path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T17:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncaif: fix memory leak in cfctrl_linkup_request()\n\nWhen linktype is unknown or kzalloc failed in cfctrl_linkup_request(),\npkt is not released. Add release process to error path.",
  "id": "GHSA-pxv4-xvvx-325j",
  "modified": "2025-12-10T21:31:29Z",
  "published": "2025-09-16T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53330"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1dddeceb26002cfea4c375e92ac6498768dc7349"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33df9c5d5e2a18c70f5f5f3c2757d654c1b6ffa3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3acf3783a84cbdf0c9f8cf2f32ee9c49af93a2da"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ad47c8aa5648226184415e4a0cb1bf67ffbfd48"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/84b2cc7b36b7f6957d307fb3d01603f93cb2d655"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/badea57569db04b010e922e29a7aaf40a979a70b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc1bc903970bdf63ca40ab923d3ccb765da9a8d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe69230f05897b3de758427b574fc98025dfc907"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q25C-43PJ-XX2H

Vulnerability from github – Published: 2025-09-16 18:31 – Updated: 2025-12-02 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

rapidio: fix possible name leaks when rio_add_device() fails

Patch series "rapidio: fix three possible memory leaks".

This patchset fixes three name leaks in error handling. - patch #1 fixes two name leaks while rio_add_device() fails. - patch #2 fixes a name leak while rio_register_mport() fails.

This patch (of 2):

If rio_add_device() returns error, the name allocated by dev_set_name() need be freed. It should use put_device() to give up the reference in the error path, so that the name can be freed in kobject_cleanup(), and the 'rdev' can be freed in rio_release_dev().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50343"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T17:15:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: fix possible name leaks when rio_add_device() fails\n\nPatch series \"rapidio: fix three possible memory leaks\".\n\nThis patchset fixes three name leaks in error handling.\n - patch #1 fixes two name leaks while rio_add_device() fails.\n - patch #2 fixes a name leak while  rio_register_mport() fails.\n\n\nThis patch (of 2):\n\nIf rio_add_device() returns error, the name allocated by dev_set_name()\nneed be freed.  It should use put_device() to give up the reference in the\nerror path, so that the name can be freed in kobject_cleanup(), and the\n\u0027rdev\u0027 can be freed in rio_release_dev().",
  "id": "GHSA-q25c-43pj-xx2h",
  "modified": "2025-12-02T00:31:10Z",
  "published": "2025-09-16T18:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50343"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b4676f274a6b5d001176f15d0542100bbf4b59a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/440afd7fd9b164fdde6fc9da8c47d3d7f20dcce8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/80fad2e53eaed2b3a2ff596575f65669e13ceda5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85fbf58b15c09d3a6a03098c1e42ebfe9002f39d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88fa351b20ca300693a206ccd3c4b0e0647944d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c413f65011ff8caffabcde0e1c3ceede48a48d6f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c482cb0deb57924335103fe592c379a076d867f8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec3f04f74f50d0b6bac04d795c93c2b852753a7a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9574cd48679926e2a569e1957a5a1bcc8a719ac"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q25G-GF9C-X8Q7

Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2025-12-16 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ACPICA: fix acpi parse and parseext cache leaks

ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5

I'm Seunghun Han, and I work for National Security Research Institute of South Korea.

I have been doing a research on ACPI and found an ACPI cache leak in ACPI early abort cases.

Boot log of ACPI cache leak is as follows: [ 0.352414] ACPI: Added _OSI(Module Device) [ 0.353182] ACPI: Added _OSI(Processor Device) [ 0.353182] ACPI: Added _OSI(3.0 _SCP Extensions) [ 0.353182] ACPI: Added _OSI(Processor Aggregator Device) [ 0.356028] ACPI: Unable to start the ACPI Interpreter [ 0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281) [ 0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects [ 0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 4.12.0-rc4-next-20170608+ #10 [ 0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006 [ 0.361873] Call Trace: [ 0.362243] ? dump_stack+0x5c/0x81 [ 0.362591] ? kmem_cache_destroy+0x1aa/0x1c0 [ 0.362944] ? acpi_sleep_proc_init+0x27/0x27 [ 0.363296] ? acpi_os_delete_cache+0xa/0x10 [ 0.363646] ? acpi_ut_delete_caches+0x6d/0x7b [ 0.364000] ? acpi_terminate+0xa/0x14 [ 0.364000] ? acpi_init+0x2af/0x34f [ 0.364000] ? __class_create+0x4c/0x80 [ 0.364000] ? video_setup+0x7f/0x7f [ 0.364000] ? acpi_sleep_proc_init+0x27/0x27 [ 0.364000] ? do_one_initcall+0x4e/0x1a0 [ 0.364000] ? kernel_init_freeable+0x189/0x20a [ 0.364000] ? rest_init+0xc0/0xc0 [ 0.364000] ? kernel_init+0xa/0x100 [ 0.364000] ? ret_from_fork+0x25/0x30

I analyzed this memory leak in detail. I found that “Acpi-State” cache and “Acpi-Parse” cache were merged because the size of cache objects was same slab cache size.

I finally found “Acpi-Parse” cache and “Acpi-parse_ext” cache were leaked using SLAB_NEVER_MERGE flag in kmem_cache_create() function.

Real ACPI cache leak point is as follows: [ 0.360101] ACPI: Added _OSI(Module Device) [ 0.360101] ACPI: Added _OSI(Processor Device) [ 0.360101] ACPI: Added _OSI(3.0 _SCP Extensions) [ 0.361043] ACPI: Added _OSI(Processor Aggregator Device) [ 0.364016] ACPI: Unable to start the ACPI Interpreter [ 0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281) [ 0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects [ 0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W 4.12.0-rc4-next-20170608+ #8 [ 0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006 [ 0.372000] Call Trace: [ 0.372000] ? dump_stack+0x5c/0x81 [ 0.372000] ? kmem_cache_destroy+0x1aa/0x1c0 [ 0.372000] ? acpi_sleep_proc_init+0x27/0x27 [ 0.372000] ? acpi_os_delete_cache+0xa/0x10 [ 0.372000] ? acpi_ut_delete_caches+0x56/0x7b [ 0.372000] ? acpi_terminate+0xa/0x14 [ 0.372000] ? acpi_init+0x2af/0x34f [ 0.372000] ? __class_create+0x4c/0x80 [ 0.372000] ? video_setup+0x7f/0x7f [ 0.372000] ? acpi_sleep_proc_init+0x27/0x27 [ 0.372000] ? do_one_initcall+0x4e/0x1a0 [ 0.372000] ? kernel_init_freeable+0x189/0x20a [ 0.372000] ? rest_init+0xc0/0xc0 [ 0.372000] ? kernel_init+0xa/0x100 [ 0.372000] ? ret_from_fork+0x25/0x30 [ 0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects [ 0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W 4.12.0-rc4-next-20170608+ #8 [ 0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006 [ 0.392000] Call Trace: [ 0.392000] ? dump_stack+0x5c/0x81 [ 0.392000] ? kmem_cache_destroy+0x1aa/0x1c0 [ 0.392000] ? acpi_sleep_proc_init+0x27/0x27 [ 0.392000] ? acpi_os_delete_cache+0xa/0x10 [ 0.392000] ? acpi_ut_delete_caches+0x6d/0x7b [ 0.392000] ? acpi_terminate+0xa/0x14 [ 0.392000] ? acpi_init+0x2af/0x3 ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38344"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T09:15:29Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi parse and parseext cache leaks\n\nACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5\n\nI\u0027m Seunghun Han, and I work for National Security Research Institute of\nSouth Korea.\n\nI have been doing a research on ACPI and found an ACPI cache leak in ACPI\nearly abort cases.\n\nBoot log of ACPI cache leak is as follows:\n[    0.352414] ACPI: Added _OSI(Module Device)\n[    0.353182] ACPI: Added _OSI(Processor Device)\n[    0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)\n[    0.353182] ACPI: Added _OSI(Processor Aggregator Device)\n[    0.356028] ACPI: Unable to start the ACPI Interpreter\n[    0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[    0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects\n[    0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G        W\n4.12.0-rc4-next-20170608+ #10\n[    0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[    0.361873] Call Trace:\n[    0.362243]  ? dump_stack+0x5c/0x81\n[    0.362591]  ? kmem_cache_destroy+0x1aa/0x1c0\n[    0.362944]  ? acpi_sleep_proc_init+0x27/0x27\n[    0.363296]  ? acpi_os_delete_cache+0xa/0x10\n[    0.363646]  ? acpi_ut_delete_caches+0x6d/0x7b\n[    0.364000]  ? acpi_terminate+0xa/0x14\n[    0.364000]  ? acpi_init+0x2af/0x34f\n[    0.364000]  ? __class_create+0x4c/0x80\n[    0.364000]  ? video_setup+0x7f/0x7f\n[    0.364000]  ? acpi_sleep_proc_init+0x27/0x27\n[    0.364000]  ? do_one_initcall+0x4e/0x1a0\n[    0.364000]  ? kernel_init_freeable+0x189/0x20a\n[    0.364000]  ? rest_init+0xc0/0xc0\n[    0.364000]  ? kernel_init+0xa/0x100\n[    0.364000]  ? ret_from_fork+0x25/0x30\n\nI analyzed this memory leak in detail. I found that \u201cAcpi-State\u201d cache and\n\u201cAcpi-Parse\u201d cache were merged because the size of cache objects was same\nslab cache size.\n\nI finally found \u201cAcpi-Parse\u201d cache and \u201cAcpi-parse_ext\u201d cache were leaked\nusing SLAB_NEVER_MERGE flag in kmem_cache_create() function.\n\nReal ACPI cache leak point is as follows:\n[    0.360101] ACPI: Added _OSI(Module Device)\n[    0.360101] ACPI: Added _OSI(Processor Device)\n[    0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)\n[    0.361043] ACPI: Added _OSI(Processor Aggregator Device)\n[    0.364016] ACPI: Unable to start the ACPI Interpreter\n[    0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[    0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects\n[    0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W\n4.12.0-rc4-next-20170608+ #8\n[    0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[    0.372000] Call Trace:\n[    0.372000]  ? dump_stack+0x5c/0x81\n[    0.372000]  ? kmem_cache_destroy+0x1aa/0x1c0\n[    0.372000]  ? acpi_sleep_proc_init+0x27/0x27\n[    0.372000]  ? acpi_os_delete_cache+0xa/0x10\n[    0.372000]  ? acpi_ut_delete_caches+0x56/0x7b\n[    0.372000]  ? acpi_terminate+0xa/0x14\n[    0.372000]  ? acpi_init+0x2af/0x34f\n[    0.372000]  ? __class_create+0x4c/0x80\n[    0.372000]  ? video_setup+0x7f/0x7f\n[    0.372000]  ? acpi_sleep_proc_init+0x27/0x27\n[    0.372000]  ? do_one_initcall+0x4e/0x1a0\n[    0.372000]  ? kernel_init_freeable+0x189/0x20a\n[    0.372000]  ? rest_init+0xc0/0xc0\n[    0.372000]  ? kernel_init+0xa/0x100\n[    0.372000]  ? ret_from_fork+0x25/0x30\n[    0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects\n[    0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W\n4.12.0-rc4-next-20170608+ #8\n[    0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[    0.392000] Call Trace:\n[    0.392000]  ? dump_stack+0x5c/0x81\n[    0.392000]  ? kmem_cache_destroy+0x1aa/0x1c0\n[    0.392000]  ? acpi_sleep_proc_init+0x27/0x27\n[    0.392000]  ? acpi_os_delete_cache+0xa/0x10\n[    0.392000]  ? acpi_ut_delete_caches+0x6d/0x7b\n[    0.392000]  ? acpi_terminate+0xa/0x14\n[    0.392000]  ? acpi_init+0x2af/0x3\n---truncated---",
  "id": "GHSA-q25g-gf9c-x8q7",
  "modified": "2025-12-16T18:31:29Z",
  "published": "2025-07-10T09:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38344"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a119fdaed67566aa3e0b5222dced4d08bbce463"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/198c2dab022e5e94a99fff267b669d693bc7bb49"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e0e629e88b1f7751ce69bf70cda6d1598d45271"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1fee4324b5660de080cefc3fc91c371543bdb8f6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e0c59180ec83bdec43b3d3482cff23d86d380d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41afebc9a0762aafc35d2df88f4e1b798155a940"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/960236150cd3f08e13b397dd5ae4ccf7a2986c00"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bed18f0bdcd6737a938264a59d67923688696fc4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q2F2-J8QW-598J

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2023-02-23 15:33
VLAI
Details

ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-26T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.",
  "id": "GHSA-q2f2-j8qw-598j",
  "modified": "2023-02-23T15:33:05Z",
  "published": "2022-05-24T16:48:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12976"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/1520"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4192-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4712"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108913"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q2GW-9MG2-9RH3

Vulnerability from github – Published: 2025-07-27 09:30 – Updated: 2025-07-27 09:30
VLAI
Details

A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-27T08:15:25Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.",
  "id": "GHSA-q2gw-9mg2-9rh3",
  "modified": "2025-07-27T09:30:26Z",
  "published": "2025-07-27T09:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8225"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.317813"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.317813"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.621883"
    },
    {
      "type": "WEB",
      "url": "https://www.gnu.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q2VM-M3P4-MPG8

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13
VLAI
Details

Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5578"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-15T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.",
  "id": "GHSA-q2vm-m3p4-mpg8",
  "modified": "2022-05-13T01:13:40Z",
  "published": "2022-05-13T01:13:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5578"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201702-28"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=204f01b30975923c64006f8067f0937b91eea68b"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/01/23/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/01/25/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95781"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q2W7-X8J6-5GXC

Vulnerability from github – Published: 2024-08-22 03:31 – Updated: 2024-09-12 15:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/smc: fix connection leak

There's a potential leak issue under following execution sequence :

smc_release smc_connect_work if (sk->sk_state == SMC_INIT) send_clc_confirim tcp_abort(); ... sk.sk_state = SMC_ACTIVE smc_close_active switch(sk->sk_state) { ... case SMC_ACTIVE: smc_close_final() // then wait peer closed

Unfortunately, tcp_abort() may discard CLC CONFIRM messages that are still in the tcp send buffer, in which case our connection token cannot be delivered to the server side, which means that we cannot get a passive close message at all. Therefore, it is impossible for the to be disconnected at all.

This patch tries a very simple way to avoid this issue, once the state has changed to SMC_ACTIVE after tcp_abort(), we can actively abort the smc connection, considering that the state is SMC_INIT before tcp_abort(), abandoning the complete disconnection process should not cause too much problem.

In fact, this problem may exist as long as the CLC CONFIRM message is not received by the server. Whether a timer should be added after smc_close_final() needs to be discussed in the future. But even so, this patch provides a faster release for connection in above case, it should also be valuable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48909"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-22T02:15:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix connection leak\n\nThere\u0027s a potential leak issue under following execution sequence :\n\nsmc_release  \t\t\t\tsmc_connect_work\nif (sk-\u003esk_state == SMC_INIT)\n\t\t\t\t\tsend_clc_confirim\n\ttcp_abort();\n\t\t\t\t\t...\n\t\t\t\t\tsk.sk_state = SMC_ACTIVE\nsmc_close_active\nswitch(sk-\u003esk_state) {\n...\ncase SMC_ACTIVE:\n\tsmc_close_final()\n\t// then wait peer closed\n\nUnfortunately, tcp_abort() may discard CLC CONFIRM messages that are\nstill in the tcp send buffer, in which case our connection token cannot\nbe delivered to the server side, which means that we cannot get a\npassive close message at all. Therefore, it is impossible for the to be\ndisconnected at all.\n\nThis patch tries a very simple way to avoid this issue, once the state\nhas changed to SMC_ACTIVE after tcp_abort(), we can actively abort the\nsmc connection, considering that the state is SMC_INIT before\ntcp_abort(), abandoning the complete disconnection process should not\ncause too much problem.\n\nIn fact, this problem may exist as long as the CLC CONFIRM message is\nnot received by the server. Whether a timer should be added after\nsmc_close_final() needs to be discussed in the future. But even so, this\npatch provides a faster release for connection in above case, it should\nalso be valuable.",
  "id": "GHSA-q2w7-x8j6-5gxc",
  "modified": "2024-09-12T15:32:59Z",
  "published": "2024-08-22T03:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48909"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e8d465b83db307f04ad265848f8ab3f78f6918f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/80895b6f9154fb22d36fab311ccbb75503a2c87b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f1c50cf39167ff71dc5953a3234f3f6eeb8fcb5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e98d46ccfa84b35a9e4b1ccdd83961b41a5d7ce5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.