CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-QHFV-HFVW-JQHQ
Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2024-03-21 03:33vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs.
{
"affected": [],
"aliases": [
"CVE-2020-8991"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-14T05:15:00Z",
"severity": "MODERATE"
},
"details": "vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs.",
"id": "GHSA-qhfv-hfvw-jqhq",
"modified": "2024-03-21T03:33:54Z",
"published": "2022-05-24T17:09:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8991"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/?p=lvm2.git%3Ba=commit%3Bh=bcf9556b8fcd16ad8997f80cc92785f295c66701"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-QHR6-6CGV-6638
Vulnerability from github – Published: 2025-12-10 21:30 – Updated: 2025-12-11 15:47Description
In the Okta Java SDK, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load.
Affected product and versions
You may be affected by this vulnerability if you meet the following preconditions: - Using the Okta Java SDK between versions 21.0.0 and 24.0.0, and - Implementing a long-running application using the ApiClient in a multi-threaded manner.
Resolution
Upgrade Okta/okta-sdk-java to versions 24.0.1 or greater.
Acknowledgement
Okta would like to thank Andrew Pikler (pyckle) for their discovery and responsible disclosure.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 24.0.0"
},
"package": {
"ecosystem": "Maven",
"name": "com.okta.sdk:okta-sdk-root"
},
"ranges": [
{
"events": [
{
"introduced": "21.0.0"
},
{
"fixed": "24.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66033"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-10T21:30:55Z",
"nvd_published_at": "2025-12-10T22:16:27Z",
"severity": "MODERATE"
},
"details": "### Description\nIn the Okta Java SDK, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load.\n\n### Affected product and versions\nYou may be affected by this vulnerability if you meet the following preconditions:\n- Using the Okta Java SDK between versions 21.0.0 and 24.0.0, and\n- Implementing a long-running application using the ApiClient in a multi-threaded manner.\n\n### Resolution\nUpgrade Okta/okta-sdk-java to versions 24.0.1 or greater. \n\n### Acknowledgement\nOkta would like to thank Andrew Pikler (pyckle) for their discovery and responsible disclosure.",
"id": "GHSA-qhr6-6cgv-6638",
"modified": "2025-12-11T15:47:30Z",
"published": "2025-12-10T21:30:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/okta/okta-sdk-java/security/advisories/GHSA-qhr6-6cgv-6638"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66033"
},
{
"type": "WEB",
"url": "https://github.com/okta/okta-sdk-java/commit/1daa9229a70fc38fb252aeaa637f82d0b0729b3f"
},
{
"type": "PACKAGE",
"url": "https://github.com/okta/okta-sdk-java"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Memory Cleanup in the Okta Java SDK"
}
GHSA-QJF3-5P7Q-6R9M
Vulnerability from github – Published: 2026-03-04 21:32 – Updated: 2026-03-04 21:32A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition.
This vulnerability is due to improperly validating input by the OSPF protocol when parsing packets. An attacker could exploit this vulnerability by by sending crafted OSPF packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.
{
"affected": [],
"aliases": [
"CVE-2026-20021"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T19:16:12Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition.\n\n This vulnerability is due to improperly validating input by the OSPF protocol when parsing packets. An attacker could exploit this vulnerability by by sending crafted OSPF packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.",
"id": "GHSA-qjf3-5p7q-6r9m",
"modified": "2026-03-04T21:32:45Z",
"published": "2026-03-04T21:32:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20021"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospf-ZH8PhbSW"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-QJGM-WR4W-H2G9
Vulnerability from github – Published: 2024-02-27 15:30 – Updated: 2025-11-04 21:31libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.
{
"affected": [],
"aliases": [
"CVE-2024-27507"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T15:15:07Z",
"severity": "HIGH"
},
"details": "libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.",
"id": "GHSA-qjgm-wr4w-h2g9",
"modified": "2025-11-04T21:31:14Z",
"published": "2024-02-27T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27507"
},
{
"type": "WEB",
"url": "https://github.com/LuMingYinDetect/libLAS_defects/blob/main/libLAS_detect_1.md"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QRV2D4GYUZNZRJHVGFSYSOSZLCETI4E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2B6GZQ3WUVFNAAWFQJAQY7UM4OH5TA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOY7E2QWQRVXZTJGI7Z4KXGSU6BGEKH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2B6GZQ3WUVFNAAWFQJAQY7UM4OH5TA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOY7E2QWQRVXZTJGI7Z4KXGSU6BGEKH"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QJH2-VWWM-CQJ6
Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-11 18:30In the Linux kernel, the following vulnerability has been resolved:
cassini: Fix a memory leak in the error handling path of cas_init_one()
cas_saturn_firmware_init() allocates some memory using vmalloc(). This memory is freed in the .remove() function but not it the error handling path of the probe.
Add the missing vfree() to avoid a memory leak, should an error occur.
{
"affected": [],
"aliases": [
"CVE-2023-53435"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T16:15:47Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncassini: Fix a memory leak in the error handling path of cas_init_one()\n\ncas_saturn_firmware_init() allocates some memory using vmalloc(). This\nmemory is freed in the .remove() function but not it the error handling\npath of the probe.\n\nAdd the missing vfree() to avoid a memory leak, should an error occur.",
"id": "GHSA-qjh2-vwwm-cqj6",
"modified": "2025-12-11T18:30:34Z",
"published": "2025-09-18T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53435"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/11c0ed097a874156957b515d0ba7e356142eab87"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/172146c26f0c1b86ab4e9ebffc7e06f04229fa17"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/234e744d86bd95b381d24546df2dba72804e0219"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/412cd77a2c24b191c65ea53025222418db09817c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/60d8e8b88087d68e10c8991a0f6733fa2f963ff0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b8b1a667744741fa7807b09a12797a27f14f3fac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc61f7582cc92d547d02e141cd66f5d1f4ed8012"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e20105d967ab5b53ff50a0e5991fe37324d2ba20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QM45-PH68-VWCC
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c.
{
"affected": [],
"aliases": [
"CVE-2021-34183"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-25T15:15:00Z",
"severity": "HIGH"
},
"details": "ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c.",
"id": "GHSA-qm45-ph68-vwcc",
"modified": "2022-05-24T19:06:19Z",
"published": "2022-05-24T19:06:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34183"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/3767"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QM4J-Q6JH-QW3P
Vulnerability from github – Published: 2024-08-22 03:31 – Updated: 2024-09-12 15:32In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Fix I/O page table memory leak
The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results in IOMMU page table memory leak, and can be observed when launching VM w/ pass-through devices.
Fix by freeing the memory used for page table before updating the mode.
{
"affected": [],
"aliases": [
"CVE-2022-48904"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-22T02:15:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Fix I/O page table memory leak\n\nThe current logic updates the I/O page table mode for the domain\nbefore calling the logic to free memory used for the page table.\nThis results in IOMMU page table memory leak, and can be observed\nwhen launching VM w/ pass-through devices.\n\nFix by freeing the memory used for page table before updating the mode.",
"id": "GHSA-qm4j-q6jh-qw3p",
"modified": "2024-09-12T15:32:59Z",
"published": "2024-08-22T03:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48904"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/378e2fe1eb58d5c2ed55c8fe5e11f9db5033cdd6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b0b2d9a6a308bcd9300c2d83000a82812c56cea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c78627f757e37c2cf386b59c700c4e1574988597"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QM56-9FRH-42H4
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
{
"affected": [],
"aliases": [
"CVE-2021-1596"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-08T19:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
"id": "GHSA-qm56-9frh-42h4",
"modified": "2022-05-24T19:07:11Z",
"published": "2022-05-24T19:07:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1596"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QM84-5C9V-92XM
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
ipc: fix memleak if msg_init_ns failed in create_ipc_ns
Percpu memory allocation may failed during create_ipc_ns however this fail is not handled properly since ipc sysctls and mq sysctls is not released properly. Fix this by release these two resource when failure.
Here is the kmemleak stack when percpu failed:
unreferenced object 0xffff88819de2a600 (size 512): comm "shmem_2nstest", pid 120711, jiffies 4300542254 hex dump (first 32 bytes): 60 aa 9d 84 ff ff ff ff fc 18 48 b2 84 88 ff ff `.........H..... 04 00 00 00 a4 01 00 00 20 e4 56 81 ff ff ff ff ........ .V..... backtrace (crc be7cba35): [] __kmalloc_node_track_caller_noprof+0x333/0x420 [] kmemdup_noprof+0x26/0x50 [] setup_mq_sysctls+0x57/0x1d0 [] copy_ipcs+0x29c/0x3b0 [] create_new_namespaces+0x1d0/0x920 [] copy_namespaces+0x2e9/0x3e0 [] copy_process+0x29f3/0x7ff0 [] kernel_clone+0xc0/0x650 [] __do_sys_clone+0xa1/0xe0 [] do_syscall_64+0xbf/0x1c0 [] entry_SYSCALL_64_after_hwframe+0x4b/0x53
{
"affected": [],
"aliases": [
"CVE-2024-53175"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T14:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix memleak if msg_init_ns failed in create_ipc_ns\n\nPercpu memory allocation may failed during create_ipc_ns however this\nfail is not handled properly since ipc sysctls and mq sysctls is not\nreleased properly. Fix this by release these two resource when failure.\n\nHere is the kmemleak stack when percpu failed:\n\nunreferenced object 0xffff88819de2a600 (size 512):\n comm \"shmem_2nstest\", pid 120711, jiffies 4300542254\n hex dump (first 32 bytes):\n 60 aa 9d 84 ff ff ff ff fc 18 48 b2 84 88 ff ff `.........H.....\n 04 00 00 00 a4 01 00 00 20 e4 56 81 ff ff ff ff ........ .V.....\n backtrace (crc be7cba35):\n [\u003cffffffff81b43f83\u003e] __kmalloc_node_track_caller_noprof+0x333/0x420\n [\u003cffffffff81a52e56\u003e] kmemdup_noprof+0x26/0x50\n [\u003cffffffff821b2f37\u003e] setup_mq_sysctls+0x57/0x1d0\n [\u003cffffffff821b29cc\u003e] copy_ipcs+0x29c/0x3b0\n [\u003cffffffff815d6a10\u003e] create_new_namespaces+0x1d0/0x920\n [\u003cffffffff815d7449\u003e] copy_namespaces+0x2e9/0x3e0\n [\u003cffffffff815458f3\u003e] copy_process+0x29f3/0x7ff0\n [\u003cffffffff8154b080\u003e] kernel_clone+0xc0/0x650\n [\u003cffffffff8154b6b1\u003e] __do_sys_clone+0xa1/0xe0\n [\u003cffffffff843df8ff\u003e] do_syscall_64+0xbf/0x1c0\n [\u003cffffffff846000b0\u003e] entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"id": "GHSA-qm84-5c9v-92xm",
"modified": "2025-11-03T21:31:47Z",
"published": "2024-12-27T15:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53175"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10209665b5bf199f8065b2e7d2b2dc6cdf227117"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3d230cfd4b9b0558c7b2039ba1def2ce6b6cd158"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8fed302872e26c7bf44d855c53a1cde747172d58"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/928de5fcd462498b8334107035da8ab85e316d8a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bc8f5921cd69188627c08041276238de222ab466"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QMGF-9W4W-Q3MJ
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.
{
"affected": [],
"aliases": [
"CVE-2016-9915"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-29T22:59:00Z",
"severity": "MODERATE"
},
"details": "Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.",
"id": "GHSA-qmgf-9w4w-q3mj",
"modified": "2022-05-13T01:13:40Z",
"published": "2022-05-13T01:13:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9915"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=971f406b77a6eb84e0ad27dcc416b663765aee30"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94729"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.