CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-V2FC-QM4H-8HQV
Vulnerability from github – Published: 2026-05-06 18:27 – Updated: 2026-05-06 18:27Summary
Nokogiri's Nokogiri::XSLT::Stylesheet#transform leaks a small heap allocation when passed a Ruby string parameter containing a null byte.
For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against long-running processes.
Mitigation
Upgrade to Nokogiri >= 1.19.3.
Users may also be able to mitigate this issue without upgrading by validating untrusted transform parameters before passing them to Nokogiri::XSLT::Stylesheet#transform.
Severity
The Nokogiri maintainers have evaluated this as Moderate Severity, CVSS 5.3.
Each leaked allocation is approximately 24–32 bytes, so meaningful memory growth requires sustained attacker-controlled traffic at high call rates. The bug does not cause memory corruption, information disclosure, or any change in the behavior of the transform itself, and the string-handling exception is raised as expected.
Applications that do not pass raw attacker-controlled bytes to XSLT parameters are unlikely to be affected in practice.
Resources
Credit
This vulnerability was responsibly reported by @Captainjack-kor.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T18:27:38Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\n\nNokogiri\u0027s `Nokogiri::XSLT::Stylesheet#transform` leaks a small heap allocation when passed a Ruby string parameter containing a null byte.\n\nFor applications that pass attacker-controlled input through `XSLT.transform` parameters, this may be a vector for a denial of service attack against long-running processes.\n\n\n## Mitigation\n\nUpgrade to Nokogiri `\u003e= 1.19.3`.\n\nUsers may also be able to mitigate this issue without upgrading by validating untrusted transform parameters before passing them to `Nokogiri::XSLT::Stylesheet#transform`.\n\n\n## Severity\n\nThe Nokogiri maintainers have evaluated this as **Moderate Severity**, CVSS 5.3.\n\nEach leaked allocation is approximately 24\u201332 bytes, so meaningful memory growth requires sustained attacker-controlled traffic at high call rates. The bug does not cause memory corruption, information disclosure, or any change in the behavior of the transform itself, and the string-handling exception is raised as expected.\n\nApplications that do not pass raw attacker-controlled bytes to XSLT parameters are unlikely to be affected in practice.\n\n\n## Resources\n\n- [CWE-401: Missing Release of Memory after Effective Lifetime](https://cwe.mitre.org/data/definitions/401.html)\n\n\n## Credit\n\nThis vulnerability was responsibly reported by @Captainjack-kor.",
"id": "GHSA-v2fc-qm4h-8hqv",
"modified": "2026-05-06T18:27:38Z",
"published": "2026-05-06T18:27:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv"
},
{
"type": "PACKAGE",
"url": "https://github.com/sparklemotion/nokogiri"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Nokogiri XSLT transform has a memory leak"
}
GHSA-V2G8-4FGQ-7RHX
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2025-06-09 18:32An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
{
"affected": [],
"aliases": [
"CVE-2019-20386"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-21T06:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.",
"id": "GHSA-v2g8-4fgq-7rhx",
"modified": "2025-06-09T18:32:00Z",
"published": "2022-05-24T17:07:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20386"
},
{
"type": "WEB",
"url": "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200210-0002"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4269-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-V2PM-RV6H-9G9P
Vulnerability from github – Published: 2023-05-10 06:30 – Updated: 2023-05-10 06:30A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.
{
"affected": [],
"aliases": [
"CVE-2023-2618"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-10T06:15:17Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.",
"id": "GHSA-v2pm-rv6h-9g9p",
"modified": "2023-05-10T06:30:29Z",
"published": "2023-05-10T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2618"
},
{
"type": "WEB",
"url": "https://github.com/opencv/opencv_contrib/pull/3484"
},
{
"type": "WEB",
"url": "https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.228548"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.228548"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-V347-62GC-CR74
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2025-12-11 18:30In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921: resource leaks at mt7921_check_offload_capability()
Fixed coverity issue with resource leaks at variable "fw" going out of scope leaks the storage it points to mt7921_check_offload_capability().
Addresses-Coverity-ID: 1527806 ("Resource leaks")
{
"affected": [],
"aliases": [
"CVE-2022-50424"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:33Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: resource leaks at mt7921_check_offload_capability()\n\nFixed coverity issue with resource leaks at variable \"fw\" going out of\nscope leaks the storage it points to mt7921_check_offload_capability().\n\nAddresses-Coverity-ID: 1527806 (\"Resource leaks\")",
"id": "GHSA-v347-62gc-cr74",
"modified": "2025-12-11T18:30:36Z",
"published": "2025-10-01T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50424"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47180ecf4541146836c5307c1d5526f8ac6a5a6d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ead3cffd7510dc635d84cd4ea9dd1974fcb69a35"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V368-7GCX-F4WJ
Vulnerability from github – Published: 2024-02-28 09:30 – Updated: 2024-12-06 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Free local data after use
Fixes the following memory leak in dc_link_construct():
unreferenced object 0xffffa03e81471400 (size 1024): comm "amd_module_load", pid 2486, jiffies 4294946026 (age 10.544s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000000bdf5c4a>] kmem_cache_alloc_trace+0x30a/0x4a0 [<00000000e7c59f0e>] link_create+0xce/0xac0 [amdgpu] [<000000002fb6c072>] dc_create+0x370/0x720 [amdgpu] [<000000000094d1f3>] amdgpu_dm_init+0x18e/0x17a0 [amdgpu] [<00000000bec048fd>] dm_hw_init+0x12/0x20 [amdgpu] [<00000000a2bb7cf6>] amdgpu_device_init+0x1463/0x1e60 [amdgpu] [<0000000032d3bb13>] amdgpu_driver_load_kms+0x5b/0x330 [amdgpu] [<00000000a27834f9>] amdgpu_pci_probe+0x192/0x280 [amdgpu] [<00000000fec7d291>] local_pci_probe+0x47/0xa0 [<0000000055dbbfa7>] pci_device_probe+0xe3/0x180 [<00000000815da970>] really_probe+0x1c4/0x4e0 [<00000000b4b6974b>] driver_probe_device+0x62/0x150 [<000000000f9ecc61>] device_driver_attach+0x58/0x60 [<000000000f65c843>] __driver_attach+0xd6/0x150 [<000000002f5e3683>] bus_for_each_dev+0x6a/0xc0 [<00000000a1cfc897>] driver_attach+0x1e/0x20
{
"affected": [],
"aliases": [
"CVE-2021-47042"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-28T09:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Free local data after use\n\nFixes the following memory leak in dc_link_construct():\n\nunreferenced object 0xffffa03e81471400 (size 1024):\ncomm \"amd_module_load\", pid 2486, jiffies 4294946026 (age 10.544s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[\u003c000000000bdf5c4a\u003e] kmem_cache_alloc_trace+0x30a/0x4a0\n[\u003c00000000e7c59f0e\u003e] link_create+0xce/0xac0 [amdgpu]\n[\u003c000000002fb6c072\u003e] dc_create+0x370/0x720 [amdgpu]\n[\u003c000000000094d1f3\u003e] amdgpu_dm_init+0x18e/0x17a0 [amdgpu]\n[\u003c00000000bec048fd\u003e] dm_hw_init+0x12/0x20 [amdgpu]\n[\u003c00000000a2bb7cf6\u003e] amdgpu_device_init+0x1463/0x1e60 [amdgpu]\n[\u003c0000000032d3bb13\u003e] amdgpu_driver_load_kms+0x5b/0x330 [amdgpu]\n[\u003c00000000a27834f9\u003e] amdgpu_pci_probe+0x192/0x280 [amdgpu]\n[\u003c00000000fec7d291\u003e] local_pci_probe+0x47/0xa0\n[\u003c0000000055dbbfa7\u003e] pci_device_probe+0xe3/0x180\n[\u003c00000000815da970\u003e] really_probe+0x1c4/0x4e0\n[\u003c00000000b4b6974b\u003e] driver_probe_device+0x62/0x150\n[\u003c000000000f9ecc61\u003e] device_driver_attach+0x58/0x60\n[\u003c000000000f65c843\u003e] __driver_attach+0xd6/0x150\n[\u003c000000002f5e3683\u003e] bus_for_each_dev+0x6a/0xc0\n[\u003c00000000a1cfc897\u003e] driver_attach+0x1e/0x20",
"id": "GHSA-v368-7gcx-f4wj",
"modified": "2024-12-06T21:30:35Z",
"published": "2024-02-28T09:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47042"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/296443139f893b554dddd56a99ba8471ab5802d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/616cf23b6cf40ad6f03ffbddfa1b6c4eb68d8ae1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V36X-FH5G-GVF8
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2022-05-24 16:44A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive through 3.3.3 allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo.
{
"affected": [],
"aliases": [
"CVE-2019-11463"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-23T03:29:00Z",
"severity": "MODERATE"
},
"details": "A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive through 3.3.3 allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo.",
"id": "GHSA-v36x-fh5g-gvf8",
"modified": "2022-05-24T16:44:11Z",
"published": "2022-05-24T16:44:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11463"
},
{
"type": "WEB",
"url": "https://github.com/libarchive/libarchive/issues/1165"
},
{
"type": "WEB",
"url": "https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2019-11463"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-V3MG-HW7C-8V25
Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-15 21:31In the Linux kernel, the following vulnerability has been resolved:
dmaengine: tegra: Fix memory leak in terminate_all()
Terminate vdesc when terminating an ongoing transfer. This will ensure that the vdesc is present in the desc_terminated list The descriptor will be freed later in desc_free_list().
This fixes the memory leaks which can happen when terminating an ongoing transfer.
{
"affected": [],
"aliases": [
"CVE-2023-53014"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T17:15:50Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: tegra: Fix memory leak in terminate_all()\n\nTerminate vdesc when terminating an ongoing transfer.\nThis will ensure that the vdesc is present in the desc_terminated list\nThe descriptor will be freed later in desc_free_list().\n\nThis fixes the memory leaks which can happen when terminating an\nongoing transfer.",
"id": "GHSA-v3mg-hw7c-8v25",
"modified": "2025-04-15T21:31:29Z",
"published": "2025-03-27T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53014"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/567128076d554e41609c61b7d447089094ff72c5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7a7ee6f5a019ad72852c001abbce50d35e992f2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V3QG-G58H-8G4V
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.
{
"affected": [],
"aliases": [
"CVE-2020-22044"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-01T21:15:00Z",
"severity": "MODERATE"
},
"details": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.",
"id": "GHSA-v3qg-g58h-8g4v",
"modified": "2022-05-24T19:03:40Z",
"published": "2022-05-24T19:03:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22044"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/8295"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-V43R-53W7-7CRQ
Vulnerability from github – Published: 2024-11-08 06:30 – Updated: 2024-11-29 21:31In the Linux kernel, the following vulnerability has been resolved:
pinctrl: intel: platform: fix error path in device_for_each_child_node()
The device_for_each_child_node() loop requires calls to fwnode_handle_put() upon early returns to decrement the refcount of the child node and avoid leaking memory if that error path is triggered.
There is one early returns within that loop in intel_platform_pinctrl_prepare_community(), but fwnode_handle_put() is missing.
Instead of adding the missing call, the scoped version of the loop can be used to simplify the code and avoid mistakes in the future if new early returns are added, as the child node is only used for parsing, and it is never assigned.
{
"affected": [],
"aliases": [
"CVE-2024-50197"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-08T06:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: intel: platform: fix error path in device_for_each_child_node()\n\nThe device_for_each_child_node() loop requires calls to\nfwnode_handle_put() upon early returns to decrement the refcount of\nthe child node and avoid leaking memory if that error path is triggered.\n\nThere is one early returns within that loop in\nintel_platform_pinctrl_prepare_community(), but fwnode_handle_put() is\nmissing.\n\nInstead of adding the missing call, the scoped version of the loop can\nbe used to simplify the code and avoid mistakes in the future if new\nearly returns are added, as the child node is only used for parsing, and\nit is never assigned.",
"id": "GHSA-v43r-53w7-7crq",
"modified": "2024-11-29T21:31:02Z",
"published": "2024-11-08T06:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50197"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16a6d2e685e8f9a2f51dd5a363d3f97fcad35e22"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be3f7b9f995a6c2ee02767a0319929a2a98adf69"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V4R3-25FR-99FJ
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
{
"affected": [],
"aliases": [
"CVE-2021-1597"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-08T19:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
"id": "GHSA-v4r3-25fr-99fj",
"modified": "2022-05-24T19:07:11Z",
"published": "2022-05-24T19:07:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1597"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.