Common Weakness Enumeration

CWE-772

Allowed

Missing Release of Resource after Effective Lifetime

Abstraction: Base · Status: Draft

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

567 vulnerabilities reference this CWE, most recent first.

GHSA-3W2G-4QX3-2MMW

Vulnerability from github – Published: 2026-02-18 18:30 – Updated: 2026-03-18 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Free sp in error path to fix system crash

System crash seen during load/unload test in a loop,

[61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X. [61110.467494] ============================================================================= [61110.467498] BUG qla2xxx_srbs (Tainted: G OE -------- --- ): Objects remaining in qla2xxx_srbs on __kmem_cache_shutdown() [61110.467501] -----------------------------------------------------------------------------

[61110.467502] Slab 0x000000000ffc8162 objects=51 used=1 fp=0x00000000e25d3d85 flags=0x57ffffc0010200(slab|head|node=1|zone=2|lastcpupid=0x1fffff) [61110.467509] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1 [61110.467513] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023 [61110.467515] Call Trace: [61110.467516] [61110.467519] dump_stack_lvl+0x34/0x48 [61110.467526] slab_err.cold+0x53/0x67 [61110.467534] __kmem_cache_shutdown+0x16e/0x320 [61110.467540] kmem_cache_destroy+0x51/0x160 [61110.467544] qla2x00_module_exit+0x93/0x99 [qla2xxx] [61110.467607] ? __do_sys_delete_module.constprop.0+0x178/0x280 [61110.467613] ? syscall_trace_enter.constprop.0+0x145/0x1d0 [61110.467616] ? do_syscall_64+0x5c/0x90 [61110.467619] ? exc_page_fault+0x62/0x150 [61110.467622] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [61110.467626] [61110.467627] Disabling lock debugging due to kernel taint [61110.467635] Object 0x0000000026f7e6e6 @offset=16000 [61110.467639] ------------[ cut here ]------------ [61110.467639] kmem_cache_destroy qla2xxx_srbs: Slab cache still has objects when called from qla2x00_module_exit+0x93/0x99 [qla2xxx] [61110.467659] WARNING: CPU: 53 PID: 455206 at mm/slab_common.c:520 kmem_cache_destroy+0x14d/0x160 [61110.467718] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G B OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1 [61110.467720] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023 [61110.467721] RIP: 0010:kmem_cache_destroy+0x14d/0x160 [61110.467724] Code: 99 7d 07 00 48 89 ef e8 e1 6a 07 00 eb b3 48 8b 55 60 48 8b 4c 24 20 48 c7 c6 70 fc 66 90 48 c7 c7 f8 ef a1 90 e8 e1 ed 7c 00 <0f> 0b eb 93 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 [61110.467725] RSP: 0018:ffffa304e489fe80 EFLAGS: 00010282 [61110.467727] RAX: 0000000000000000 RBX: ffffffffc0d9a860 RCX: 0000000000000027 [61110.467729] RDX: ffff8fd5ff9598a8 RSI: 0000000000000001 RDI: ffff8fd5ff9598a0 [61110.467730] RBP: ffff8fb6aaf78700 R08: 0000000000000000 R09: 0000000100d863b7 [61110.467731] R10: ffffa304e489fd20 R11: ffffffff913bef48 R12: 0000000040002000 [61110.467731] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [61110.467733] FS: 00007f64c89fb740(0000) GS:ffff8fd5ff940000(0000) knlGS:0000000000000000 [61110.467734] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [61110.467735] CR2: 00007f0f02bfe000 CR3: 00000020ad6dc005 CR4: 0000000000770ee0 [61110.467736] PKRU: 55555554 [61110.467737] Call Trace: [61110.467738] [61110.467739] qla2x00_module_exit+0x93/0x99 [qla2xxx] [61110.467755] ? __do_sys_delete_module.constprop.0+0x178/0x280

Free sp in the error path to fix the crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71232"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-18T16:22:29Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Free sp in error path to fix system crash\n\nSystem crash seen during load/unload test in a loop,\n\n[61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.\n[61110.467494] =============================================================================\n[61110.467498] BUG qla2xxx_srbs (Tainted: G           OE    --------  --- ): Objects remaining in qla2xxx_srbs on __kmem_cache_shutdown()\n[61110.467501] -----------------------------------------------------------------------------\n\n[61110.467502] Slab 0x000000000ffc8162 objects=51 used=1 fp=0x00000000e25d3d85 flags=0x57ffffc0010200(slab|head|node=1|zone=2|lastcpupid=0x1fffff)\n[61110.467509] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G           OE    --------  ---  5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467513] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467515] Call Trace:\n[61110.467516]  \u003cTASK\u003e\n[61110.467519]  dump_stack_lvl+0x34/0x48\n[61110.467526]  slab_err.cold+0x53/0x67\n[61110.467534]  __kmem_cache_shutdown+0x16e/0x320\n[61110.467540]  kmem_cache_destroy+0x51/0x160\n[61110.467544]  qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467607]  ? __do_sys_delete_module.constprop.0+0x178/0x280\n[61110.467613]  ? syscall_trace_enter.constprop.0+0x145/0x1d0\n[61110.467616]  ? do_syscall_64+0x5c/0x90\n[61110.467619]  ? exc_page_fault+0x62/0x150\n[61110.467622]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[61110.467626]  \u003c/TASK\u003e\n[61110.467627] Disabling lock debugging due to kernel taint\n[61110.467635] Object 0x0000000026f7e6e6 @offset=16000\n[61110.467639] ------------[ cut here ]------------\n[61110.467639] kmem_cache_destroy qla2xxx_srbs: Slab cache still has objects when called from qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467659] WARNING: CPU: 53 PID: 455206 at mm/slab_common.c:520 kmem_cache_destroy+0x14d/0x160\n[61110.467718] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G    B      OE    --------  ---  5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467720] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467721] RIP: 0010:kmem_cache_destroy+0x14d/0x160\n[61110.467724] Code: 99 7d 07 00 48 89 ef e8 e1 6a 07 00 eb b3 48 8b 55 60 48 8b 4c 24 20 48 c7 c6 70 fc 66 90 48 c7 c7 f8 ef a1 90 e8 e1 ed 7c 00 \u003c0f\u003e 0b eb 93 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 55 48 89\n[61110.467725] RSP: 0018:ffffa304e489fe80 EFLAGS: 00010282\n[61110.467727] RAX: 0000000000000000 RBX: ffffffffc0d9a860 RCX: 0000000000000027\n[61110.467729] RDX: ffff8fd5ff9598a8 RSI: 0000000000000001 RDI: ffff8fd5ff9598a0\n[61110.467730] RBP: ffff8fb6aaf78700 R08: 0000000000000000 R09: 0000000100d863b7\n[61110.467731] R10: ffffa304e489fd20 R11: ffffffff913bef48 R12: 0000000040002000\n[61110.467731] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[61110.467733] FS:  00007f64c89fb740(0000) GS:ffff8fd5ff940000(0000) knlGS:0000000000000000\n[61110.467734] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[61110.467735] CR2: 00007f0f02bfe000 CR3: 00000020ad6dc005 CR4: 0000000000770ee0\n[61110.467736] PKRU: 55555554\n[61110.467737] Call Trace:\n[61110.467738]  \u003cTASK\u003e\n[61110.467739]  qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467755]  ? __do_sys_delete_module.constprop.0+0x178/0x280\n\nFree sp in the error path to fix the crash.",
  "id": "GHSA-3w2g-4qx3-2mmw",
  "modified": "2026-03-18T18:31:12Z",
  "published": "2026-02-18T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71232"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05fcd590e5fbbb3e9e1b4fc6c23c98a1d38cf256"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19ac050ef09a2f0a9d9787540f77bb45cf9033e8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7adbd2b7809066c75f0433e5e2a8e114b429f30f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e7597b4efee6143439641bc6522f247d585e060"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aed16d37696f494288a291b4b477484ed0be774b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b410ab8b9431d6d63d04caa1d69909fcc8b25eae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b74408de1f2264220979f0c6a5a9d5e50b5b534b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f04840512438ac025dea6e357d80a986b28bbe4c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3WC6-3HC2-3WC8

Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2023-01-20 21:30
VLAI
Details

In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-18198"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-18T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.",
  "id": "GHSA-3wc6-3hc2-3wc8",
  "modified": "2023-01-20T21:30:33Z",
  "published": "2022-05-24T16:59:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18198"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/ca7a03c4175366a92cee0ccc4fec0038c3266e26"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/bugs/1847478"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191031-0005"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4161-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3X73-WM98-JH2G

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39282"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-18T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.",
  "id": "GHSA-3x73-wm98-jh2g",
  "modified": "2022-05-24T19:11:30Z",
  "published": "2022-05-24T19:11:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39282"
    },
    {
      "type": "WEB",
      "url": "http://lists.live555.com/pipermail/live-devel/2021-August/021970.html"
    },
    {
      "type": "WEB",
      "url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13]"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-42P2-4VV3-9QV4

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37
VLAI
Details

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-35679"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-24T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a \"very significant\" memory leak via messages to an instance that performs many regex lookups.",
  "id": "GHSA-42p2-4vv3-9qv4",
  "modified": "2022-05-24T17:37:16Z",
  "published": "2022-05-24T17:37:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35679"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC"
    },
    {
      "type": "WEB",
      "url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202105-12"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-447V-MW2W-93H8

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06
VLAI
Details

The ambientIlluminationColor property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via a function call, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-6701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-10-14T23:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The ambientIlluminationColor property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via a function call, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704.",
  "id": "GHSA-447v-mw2w-93h8",
  "modified": "2022-05-13T01:06:40Z",
  "published": "2022-05-13T01:06:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6701"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033796"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-479"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4585-X37M-6P5H

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42
VLAI
Details

The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-10T03:29:00Z",
    "severity": "HIGH"
  },
  "details": "The ReadMATImage function in coders\\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.",
  "id": "GHSA-4585-x37m-6p5h",
  "modified": "2022-05-13T01:42:09Z",
  "published": "2022-05-13T01:42:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11141"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/469"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99506"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-46PJ-M82H-8PX5

Vulnerability from github – Published: 2025-01-28 00:32 – Updated: 2025-11-03 21:32
VLAI
Details

This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An attacker may be able to cause unexpected app termination.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-27T22:15:17Z",
    "severity": "HIGH"
  },
  "details": "This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An attacker may be able to cause unexpected app termination.",
  "id": "GHSA-46pj-m82h-8px5",
  "modified": "2025-11-03T21:32:24Z",
  "published": "2025-01-28T00:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24120"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122068"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122069"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122070"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jan/15"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jan/16"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jan/17"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-472W-7W45-G3W5

Vulnerability from github – Published: 2025-04-14 17:49 – Updated: 2025-07-21 16:49
VLAI
Summary
Pleezer resource exhaustion through uncollected hook script processes
Details

Impact

Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In affected versions, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table.

Even during normal usage, every track change and playback event would leave behind zombie processes. This leads to inevitable resource exhaustion over time as the system's process table fills up, eventually preventing new processes from being created. The issue is exacerbated if events occur rapidly, whether through normal use (e.g., skipping through a playlist) or potential manipulation of the Deezer Connect protocol traffic.

This vulnerability affects all users who have configured hook scripts using the --hook option.

Patches

This issue has been fixed in version 0.16.0. Users should upgrade to this version, which properly manages child processes using asynchronous process handling and cleanup.

Workarounds

Users who cannot upgrade immediately can: - Disable hook scripts by removing the --hook option - Ensure hook scripts handle their own child process cleanup - Regularly restart pleezer to clear accumulated zombie processes

References

  • Initial report: https://github.com/roderickvd/pleezer/discussions/83#discussioncomment-12818199
  • Fix commit: 436a5f1e4c08989b58dbba2b0ffa423458016c2d
  • Fixed release: https://github.com/roderickvd/pleezer/releases/tag/v0.16.0
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "pleezer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.16.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-32439"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-460",
      "CWE-772"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-14T17:49:15Z",
    "nvd_published_at": "2025-04-15T20:15:39Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nHook scripts in pleezer can be triggered by various events like track changes and playback state changes. In affected versions, these scripts were spawned without proper process cleanup, leaving zombie processes in the system\u0027s process table.\n\nEven during normal usage, every track change and playback event would leave behind zombie processes. This leads to inevitable resource exhaustion over time as the system\u0027s process table fills up, eventually preventing new processes from being created. The issue is exacerbated if events occur rapidly, whether through normal use (e.g., skipping through a playlist) or potential manipulation of the Deezer Connect protocol traffic.\n\nThis vulnerability affects all users who have configured hook scripts using the `--hook` option.\n\n### Patches\nThis issue has been fixed in version 0.16.0. Users should upgrade to this version, which properly manages child processes using asynchronous process handling and cleanup.\n\n### Workarounds\nUsers who cannot upgrade immediately can:\n- Disable hook scripts by removing the `--hook` option\n- Ensure hook scripts handle their own child process cleanup\n- Regularly restart pleezer to clear accumulated zombie processes\n\n### References\n- Initial report: https://github.com/roderickvd/pleezer/discussions/83#discussioncomment-12818199\n- Fix commit: 436a5f1e4c08989b58dbba2b0ffa423458016c2d\n- Fixed release: https://github.com/roderickvd/pleezer/releases/tag/v0.16.0",
  "id": "GHSA-472w-7w45-g3w5",
  "modified": "2025-07-21T16:49:50Z",
  "published": "2025-04-14T17:49:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/roderickvd/pleezer/security/advisories/GHSA-472w-7w45-g3w5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32439"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roderickvd/pleezer/commit/436a5f1e4c08989b58dbba2b0ffa423458016c2d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/roderickvd/pleezer"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roderickvd/pleezer/discussions/83#discussioncomment-12818199"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roderickvd/pleezer/releases/tag/v0.16.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Pleezer resource exhaustion through uncollected hook script processes"
}

GHSA-4822-JVWX-W47H

Vulnerability from github – Published: 2022-04-01 18:16 – Updated: 2022-11-28 16:18
VLAI
Summary
Uncontrolled Resource Consumption in Matrix Synapse
Details

Impact

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after max_spider_size (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast).

This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled.

Patches

1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview.

We recommend upgrading to 1.53.0 to fully resolve the issue.

Workarounds

Turn off URL preview functionality by setting url_preview_enabled: false in the Synapse configuration file.

References

  • Patch (timeout): https://github.com/matrix-org/synapse/pull/11784
  • Patch (content type allow list): https://github.com/matrix-org/synapse/pull/11936

For more information

If you have any questions or comments about this advisory, e-mail us at security@matrix.org.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "matrix-synapse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.53.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41952"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-772"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-01T18:16:42Z",
    "nvd_published_at": "2022-11-22T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nSynapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast).\n\nThis can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled.\n\n### Patches\n1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview.\n\nWe recommend upgrading to 1.53.0 to fully resolve the issue.\n\n### Workarounds\nTurn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file.\n\n### References\n- Patch (timeout): https://github.com/matrix-org/synapse/pull/11784\n- Patch (content type allow list): https://github.com/matrix-org/synapse/pull/11936\n\n### For more information\nIf you have any questions or comments about this advisory, e-mail us at security@matrix.org.\n",
  "id": "GHSA-4822-jvwx-w47h",
  "modified": "2022-11-28T16:18:30Z",
  "published": "2022-04-01T18:16:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41952"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/synapse/pull/11784"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/synapse/pull/11936"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/matrix-org/synapse"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/synapse/releases/tag/v1.52.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/synapse/releases/tag/v1.53.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Uncontrolled Resource Consumption in Matrix Synapse"
}

GHSA-4979-FM5G-X49Q

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46
VLAI
Details

_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-10T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.",
  "id": "GHSA-4979-fm5g-x49q",
  "modified": "2025-04-20T03:46:32Z",
  "published": "2022-05-13T01:43:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15225"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22212"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Mitigation
Implementation

It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free resources in a function. If you allocate resources that you intend to free upon completion of the function, you must be sure to free the resources at all exit points for that function including error conditions.

Mitigation MIT-47
Operation Architecture and Design

Strategy: Resource Limitation

  • Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.
  • When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.
  • Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703).
CAPEC-469: HTTP DoS

An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.