Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-XR49-7FHC-H2JH

Vulnerability from github – Published: 2022-10-27 12:00 – Updated: 2022-10-28 19:00
VLAI
Details

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212008.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3668"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-404"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-26T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212008.",
  "id": "GHSA-xr49-7fhc-h2jh",
  "modified": "2022-10-28T19:00:40Z",
  "published": "2022-10-27T12:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3668"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/776"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/files/9640968/Bug_1_POC.zip"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.212008"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XR6W-2QH5-HFQQ

Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-15 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sync: fix memory leak in hci_update_adv_data()

When hci_cmd_sync_queue() failed in hci_update_adv_data(), inst_ptr is not freed, which will cause memory leak, convert to use ERR_PTR/PTR_ERR to pass the instance to callback so no memory needs to be allocated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53017"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-27T17:15:51Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: fix memory leak in hci_update_adv_data()\n\nWhen hci_cmd_sync_queue() failed in hci_update_adv_data(), inst_ptr is\nnot freed, which will cause memory leak, convert to use ERR_PTR/PTR_ERR\nto pass the instance to callback so no memory needs to be allocated.",
  "id": "GHSA-xr6w-2qh5-hfqq",
  "modified": "2025-04-15T21:31:30Z",
  "published": "2025-03-27T18:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53017"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1ed8b37cbaf14574c779064ef1372af62e8ba6aa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ac6043bd3e5b58d30f50737aedc2e58e8087ad5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XR73-PF2Q-FF9G

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 15:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccree - fix a memory leak in cc_mac_digest()

Add cc_unmap_result() if cc_map_hash_request_final() fails to prevent potential memory leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45986"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccree - fix a memory leak in cc_mac_digest()\n\nAdd cc_unmap_result() if cc_map_hash_request_final()\nfails to prevent potential memory leak.",
  "id": "GHSA-xr73-pf2q-ff9g",
  "modified": "2026-06-16T15:33:39Z",
  "published": "2026-05-27T15:33:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45986"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/02c64052fad03699b9c6d1df2f9b444d17e4ac50"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/22f1dd4ca3bfe77db52cc7df3cc353dc114aab8b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3061c9bfb3f5b3522ab174e2fa7473b24422d1c6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/502440c235fe34cee02b24d7f893841f7565b3bc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c21d58fcd6ad8e15a539347254093c93224a8b2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7cd17993adb8a5d14a7e84d751316a5fdf0c251f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/910f335786a0a0f0b46c3c8c19a13d25cb4454b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f53458c7c756b3e0838d51cf1e9f41b25079801a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XR98-5C2M-HFWP

Vulnerability from github – Published: 2025-02-10 18:30 – Updated: 2025-02-10 18:30
VLAI
Details

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1152"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-10T18:15:34Z",
    "severity": "LOW"
  },
  "details": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I\u0027m not going to commit some of the leak fixes I\u0027ve been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"",
  "id": "GHSA-xr98-5c2m-hfwp",
  "modified": "2025-02-10T18:30:47Z",
  "published": "2025-02-10T18:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1152"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/attachment.cgi?id=15887"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32576"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.295056"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.295056"
    },
    {
      "type": "WEB",
      "url": "https://www.gnu.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XR9R-HXJ6-96P6

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: fix small mempool leak in SMB2_negotiate()

In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the request is sent, the checks would return -EIO when they should be rather setting rc = -EIO and jumping to neg_exit to free the response buffer from mempool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49938"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix small mempool leak in SMB2_negotiate()\n\nIn some cases of failure (dialect mismatches) in SMB2_negotiate(), after\nthe request is sent, the checks would return -EIO when they should be\nrather setting rc = -EIO and jumping to neg_exit to free the response\nbuffer from mempool.",
  "id": "GHSA-xr9r-hxj6-96p6",
  "modified": "2025-11-14T21:30:27Z",
  "published": "2025-06-18T12:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49938"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27893dfc1285f80f80f46b3b8c95f5d15d2e66d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/38a6b469bf22f153282fbe7d702a24e9eb43f50e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9e3c9efa7caf16e5acc05eab5e4d0a714e1610b0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XRMF-4MWM-VR8J

Vulnerability from github – Published: 2023-11-20 15:30 – Updated: 2023-11-30 21:30
VLAI
Details

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-48090"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-20T15:15:09Z",
    "severity": "HIGH"
  },
  "details": "GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.",
  "id": "GHSA-xrmf-4mwm-vr8j",
  "modified": "2023-11-30T21:30:27Z",
  "published": "2023-11-20T15:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48090"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/2680"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XRVP-77WR-X978

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring/zcrx: fix sgtable leak on mapping failures

In an unlikely case when io_populate_area_dma() fails, which could only happen on a PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA machine, io_zcrx_map_area() will have an initialised and not freed table. It was supposed to be cleaned up in the error path, but !is_mapped prevents that.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43224"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T12:16:42Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/zcrx: fix sgtable leak on mapping failures\n\nIn an unlikely case when io_populate_area_dma() fails, which could only\nhappen on a PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA machine,\nio_zcrx_map_area() will have an initialised and not freed table. It was\nsupposed to be cleaned up in the error path, but !is_mapped prevents\nthat.",
  "id": "GHSA-xrvp-77wr-x978",
  "modified": "2026-05-08T21:31:20Z",
  "published": "2026-05-06T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43224"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a983aae397767e9da931128ff2b5bf9066513ce3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef075c1464ac9047e2cf7d23cb020bfd0b8e4b60"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f1ae403324311e143ef20e53cf9a5f01e312f7c9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XRXQ-P636-J73Q

Vulnerability from github – Published: 2024-04-28 15:30 – Updated: 2024-10-29 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()

Commit 8f394da36a36 ("scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG") made the __qlt_24xx_handle_abts() function return early if tcm_qla2xxx_find_cmd_by_tag() didn't find a command, but it missed to clean up the allocated memory for the management command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48650"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-28T13:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()\n\nCommit 8f394da36a36 (\"scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG\")\nmade the __qlt_24xx_handle_abts() function return early if\ntcm_qla2xxx_find_cmd_by_tag() didn\u0027t find a command, but it missed to clean\nup the allocated memory for the management command.",
  "id": "GHSA-xrxq-p636-j73q",
  "modified": "2024-10-29T18:30:34Z",
  "published": "2024-04-28T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48650"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/601be20fc6a1b762044d2398befffd6bf236cebf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6a4236ed47f5b0a57eb6b8fb1c351b15b3d341d7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/89df49e561b4a8948521fc3f8a013012eaa08f82"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XV6R-2M8V-F893

Vulnerability from github – Published: 2024-03-15 21:30 – Updated: 2025-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix memory leak in ext4_fill_super

Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data) will not be freed by kill_bdev, and subsequently that bh will be leaked.

If blocksizes differ, sb_set_blocksize() will kill current buffers and page cache by using kill_bdev(). And then super block will be reread again but using correct blocksize this time. sb_set_blocksize() didn't fully free superblock page and buffer head, and being busy, they were not freed and instead leaked.

This can easily be reproduced by calling an infinite loop of:

systemctl start .mount, and systemctl stop .mount

... since systemd creates a cgroup for each slice which it mounts, and the bh leak get amplified by a dying memory cgroup that also never gets freed, and memory consumption is much more easily noticed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-15T21:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leak in ext4_fill_super\n\nBuffer head references must be released before calling kill_bdev();\notherwise the buffer head (and its page referenced by b_data) will not\nbe freed by kill_bdev, and subsequently that bh will be leaked.\n\nIf blocksizes differ, sb_set_blocksize() will kill current buffers and\npage cache by using kill_bdev(). And then super block will be reread\nagain but using correct blocksize this time. sb_set_blocksize() didn\u0027t\nfully free superblock page and buffer head, and being busy, they were\nnot freed and instead leaked.\n\nThis can easily be reproduced by calling an infinite loop of:\n\n  systemctl start \u003cext4_on_lvm\u003e.mount, and\n  systemctl stop \u003cext4_on_lvm\u003e.mount\n\n... since systemd creates a cgroup for each slice which it mounts, and\nthe bh leak get amplified by a dying memory cgroup that also never\ngets freed, and memory consumption is much more easily noticed.",
  "id": "GHSA-xv6r-2m8v-f893",
  "modified": "2025-01-07T18:30:38Z",
  "published": "2024-03-15T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47119"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01d349a481f0591230300a9171330136f9159bcd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1385b23396d511d5233b8b921ac3058b3f86a5e1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/afd09b617db3786b6ef3dc43e28fe728cfea84df"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XVXR-RRXW-RFP9

Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-15 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

EDAC/highbank: Fix memory leak in highbank_mc_probe()

When devres_open_group() fails, it returns -ENOMEM without freeing memory allocated by edac_mc_alloc().

Call edac_mc_free() on the error handling path to avoid a memory leak.

[ bp: Massage commit message. ]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49757"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-27T17:15:40Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/highbank: Fix memory leak in highbank_mc_probe()\n\nWhen devres_open_group() fails, it returns -ENOMEM without freeing memory\nallocated by edac_mc_alloc().\n\nCall edac_mc_free() on the error handling path to avoid a memory leak.\n\n  [ bp: Massage commit message. ]",
  "id": "GHSA-xvxr-rrxw-rfp9",
  "modified": "2025-04-15T15:30:46Z",
  "published": "2025-03-27T18:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49757"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0db40e23b56d217eebd385bebb64057ef764b2c7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/329fbd260352a7b9a83781d8b8bd96f95844a51f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d23f5d25264beb223ee79cdb530b88c237719fc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7863ef8a8f0fee96b4eb41211f4918c0e047253"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/caffa7fed1397d1395052272c93900176de86557"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7a293658c20a7945014570e1921bf7d25d68a36"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f1b3e23ed8df87d779ee86ac37f379e79a24169a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.