CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
1991 vulnerabilities reference this CWE, most recent first.
GHSA-XWGM-HJ5F-P996
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-09-26 15:30In the Linux kernel, the following vulnerability has been resolved:
firewire: ohci: prevent leak of left-over IRQ on unbind
Commit 5a95f1ded28691e6 ("firewire: ohci: use devres for requested IRQ") also removed the call to free_irq() in pci_remove(), leading to a leftover irq of devm_request_irq() at pci_disable_msi() in pci_remove() when unbinding the driver from the device
remove_proc_entry: removing non-empty directory 'irq/136', leaking at least 'firewire_ohci' Call Trace: ? remove_proc_entry+0x19c/0x1c0 ? __warn+0x81/0x130 ? remove_proc_entry+0x19c/0x1c0 ? report_bug+0x171/0x1a0 ? console_unlock+0x78/0x120 ? handle_bug+0x3c/0x80 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? remove_proc_entry+0x19c/0x1c0 unregister_irq_proc+0xf4/0x120 free_desc+0x3d/0xe0 ? kfree+0x29f/0x2f0 irq_free_descs+0x47/0x70 msi_domain_free_locked.part.0+0x19d/0x1d0 msi_domain_free_irqs_all_locked+0x81/0xc0 pci_free_msi_irqs+0x12/0x40 pci_disable_msi+0x4c/0x60 pci_remove+0x9d/0xc0 [firewire_ohci 01b483699bebf9cb07a3d69df0aa2bee71db1b26] pci_device_remove+0x37/0xa0 device_release_driver_internal+0x19f/0x200 unbind_store+0xa1/0xb0
remove irq with devm_free_irq() before pci_disable_msi() also remove it in fail_msi: of pci_probe() as this would lead to an identical leak
{
"affected": [],
"aliases": [
"CVE-2024-35816"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T14:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: ohci: prevent leak of left-over IRQ on unbind\n\nCommit 5a95f1ded28691e6 (\"firewire: ohci: use devres for requested IRQ\")\nalso removed the call to free_irq() in pci_remove(), leading to a\nleftover irq of devm_request_irq() at pci_disable_msi() in pci_remove()\nwhen unbinding the driver from the device\n\nremove_proc_entry: removing non-empty directory \u0027irq/136\u0027, leaking at\nleast \u0027firewire_ohci\u0027\nCall Trace:\n ? remove_proc_entry+0x19c/0x1c0\n ? __warn+0x81/0x130\n ? remove_proc_entry+0x19c/0x1c0\n ? report_bug+0x171/0x1a0\n ? console_unlock+0x78/0x120\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? remove_proc_entry+0x19c/0x1c0\n unregister_irq_proc+0xf4/0x120\n free_desc+0x3d/0xe0\n ? kfree+0x29f/0x2f0\n irq_free_descs+0x47/0x70\n msi_domain_free_locked.part.0+0x19d/0x1d0\n msi_domain_free_irqs_all_locked+0x81/0xc0\n pci_free_msi_irqs+0x12/0x40\n pci_disable_msi+0x4c/0x60\n pci_remove+0x9d/0xc0 [firewire_ohci\n 01b483699bebf9cb07a3d69df0aa2bee71db1b26]\n pci_device_remove+0x37/0xa0\n device_release_driver_internal+0x19f/0x200\n unbind_store+0xa1/0xb0\n\nremove irq with devm_free_irq() before pci_disable_msi()\nalso remove it in fail_msi: of pci_probe() as this would lead to\nan identical leak",
"id": "GHSA-xwgm-hj5f-p996",
"modified": "2025-09-26T15:30:22Z",
"published": "2024-05-17T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35816"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/318f6d53dd425c400e35f1a9b7af682c2c6a66d6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43c70cbc2502cf2557105c662eeed6a15d082b88"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/575801663c7dc38f826212b39e3b91a4a8661c33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XWJ2-C9HW-P6P6
Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2025-01-07 21:30In the Linux kernel, the following vulnerability has been resolved:
mm, slub: fix potential memoryleak in kmem_cache_open()
In error path, the random_seq of slub cache might be leaked. Fix this by using __kmem_cache_release() to release all the relevant resources.
{
"affected": [],
"aliases": [
"CVE-2021-47466"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-22T07:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: fix potential memoryleak in kmem_cache_open()\n\nIn error path, the random_seq of slub cache might be leaked. Fix this\nby using __kmem_cache_release() to release all the relevant resources.",
"id": "GHSA-xwj2-c9hw-p6p6",
"modified": "2025-01-07T21:30:54Z",
"published": "2024-05-22T09:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47466"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/42b81946e3ac9ea0372ba16e05160dc11e02694f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f5d1c29cfab5cb0ab885059818751bdef32e2bb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/568f906340b43120abd6fcc67c37396482f85930"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9037c57681d25e4dcc442d940d6dbe24dd31f461"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XWJ8-PPX9-J533
Vulnerability from github – Published: 2026-01-20 15:33 – Updated: 2026-01-20 15:33Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive and, in some cases, result in a major nonrecoverable fault. Recovery may require a restart.
{
"affected": [],
"aliases": [
"CVE-2025-14027"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-20T14:16:07Z",
"severity": "HIGH"
},
"details": "Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive and, in some cases, result in a major nonrecoverable fault. Recovery may require a restart.",
"id": "GHSA-xwj8-ppx9-j533",
"modified": "2026-01-20T15:33:12Z",
"published": "2026-01-20T15:33:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14027"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1769.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XWMX-QHV2-JX64
Vulnerability from github – Published: 2024-02-05 18:31 – Updated: 2025-09-15 15:31gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
{
"affected": [],
"aliases": [
"CVE-2024-24267"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-05T18:15:52Z",
"severity": "HIGH"
},
"details": "gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.",
"id": "GHSA-xwmx-qhv2-jx64",
"modified": "2025-09-15T15:31:08Z",
"published": "2024-02-05T18:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24267"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/2571"
},
{
"type": "WEB",
"url": "https://github.com/NixOS/nixpkgs/pull/305402"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/d28d9ba45cf4f628a7b2c351849a895e6fcf2234"
},
{
"type": "WEB",
"url": "https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XWXP-FCPW-W82J
Vulnerability from github – Published: 2024-05-19 12:30 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
The call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an unsuccessful status. In such cases, the elsiocb is not issued, the completion is not called, and thus the elsiocb resource is leaked.
Check return value after calling lpfc_sli4_resume_rpi() and conditionally release the elsiocb resource.
{
"affected": [],
"aliases": [
"CVE-2024-35930"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-19T11:15:49Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()\n\nThe call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an\nunsuccessful status. In such cases, the elsiocb is not issued, the\ncompletion is not called, and thus the elsiocb resource is leaked.\n\nCheck return value after calling lpfc_sli4_resume_rpi() and conditionally\nrelease the elsiocb resource.",
"id": "GHSA-xwxp-fcpw-w82j",
"modified": "2026-05-12T12:31:49Z",
"published": "2024-05-19T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35930"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07a2aa674fca679316b8ac51440adb895b53a7cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ae917d4bcab80ab304b774d492e2fcd6c52c06b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3320126ed3afbc11934502319b340f91a4d61c8f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7849e6f8410da96384e3d1f6b6d730f095142dc7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c473288f27d15014447de5a891bdf22a0695847a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e2cd32435b1dff3d63759476a3abc878e02fb6c8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/edf82aa7e9eb864a09229392054d131b34a5c9e8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ee0b5f96b6d66a1e6698228dcb41df11ec7f352f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XX6P-PXPQ-H557
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 21:30In the Linux kernel, the following vulnerability has been resolved:
net: lan966x: fix page pool leak in error paths
lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if the subsequent fdma_alloc_coherent() call fails, leaking the pool.
Similarly, lan966x_fdma_init() frees the coherent DMA memory when lan966x_fdma_tx_alloc() fails but does not destroy the page pool that was successfully created by lan966x_fdma_rx_alloc(), leaking it.
Add the missing page_pool_destroy() calls in both error paths.
{
"affected": [],
"aliases": [
"CVE-2026-31645"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan966x: fix page pool leak in error paths\n\nlan966x_fdma_rx_alloc() creates a page pool but does not destroy it if\nthe subsequent fdma_alloc_coherent() call fails, leaking the pool.\n\nSimilarly, lan966x_fdma_init() frees the coherent DMA memory when\nlan966x_fdma_tx_alloc() fails but does not destroy the page pool that\nwas successfully created by lan966x_fdma_rx_alloc(), leaking it.\n\nAdd the missing page_pool_destroy() calls in both error paths.",
"id": "GHSA-xx6p-pxpq-h557",
"modified": "2026-04-27T21:30:49Z",
"published": "2026-04-24T15:32:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31645"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/076344a6ad9d1308faaed1402fdcfdda68b604ab"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22e1ee9f22b5c3bb702bb6d4167d770002a85b2b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4941e234cfd67ac911fb259642b453f9f76aac41"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/73e940c4249dc5ec6422d1fae535d192fb125955"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XX9H-RQRV-PWC2
Vulnerability from github – Published: 2025-09-23 18:30 – Updated: 2025-09-23 18:30In the Linux kernel, the following vulnerability has been resolved:
scsi: pm8001: Fix tag leaks on error
In pm8001_chip_set_dev_state_req(), pm8001_chip_fw_flash_update_req(), pm80xx_chip_phy_ctl_req() and pm8001_chip_reg_dev_req() add missing calls to pm8001_tag_free() to free the allocated tag when pm8001_mpi_build_cmd() fails.
Similarly, in pm8001_exec_internal_task_abort(), if the chip ->task_abort method fails, the tag allocated for the abort request task must be freed. Add the missing call to pm8001_tag_free().
{
"affected": [],
"aliases": [
"CVE-2022-49121"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:49Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix tag leaks on error\n\nIn pm8001_chip_set_dev_state_req(), pm8001_chip_fw_flash_update_req(),\npm80xx_chip_phy_ctl_req() and pm8001_chip_reg_dev_req() add missing calls\nto pm8001_tag_free() to free the allocated tag when pm8001_mpi_build_cmd()\nfails.\n\nSimilarly, in pm8001_exec_internal_task_abort(), if the chip -\u003etask_abort\nmethod fails, the tag allocated for the abort request task must be\nfreed. Add the missing call to pm8001_tag_free().",
"id": "GHSA-xx9h-rqrv-pwc2",
"modified": "2025-09-23T18:30:20Z",
"published": "2025-09-23T18:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49121"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43c617eefab7077d69f5989ad3e2a273da1d728b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4c8f04b1905cd4b776d0b720463c091545478ef7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9cc72bcc1c096ed42c91646f130d4b4191580a4c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a0bb65eadbf942024226241d9d99fed17168940b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bdc74815f1c39905054b7d47399e0260b201b14d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XXC5-272V-5WC3
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-10 21:30In the Linux kernel, the following vulnerability has been resolved:
octeon_ep: fix potential memory leak in octep_device_setup()
When occur unsupported_dev and mbox init errors, it did not free oct->conf and iounmap() oct->mmio[i].hw_addr. That would trigger memory leak problem. Add kfree() for oct->conf and iounmap() for oct->mmio[i].hw_addr under unsupported_dev and mbox init errors to fix the problem.
{
"affected": [],
"aliases": [
"CVE-2022-49819"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: fix potential memory leak in octep_device_setup()\n\nWhen occur unsupported_dev and mbox init errors, it did not free oct-\u003econf\nand iounmap() oct-\u003emmio[i].hw_addr. That would trigger memory leak problem.\nAdd kfree() for oct-\u003econf and iounmap() for oct-\u003emmio[i].hw_addr under\nunsupported_dev and mbox init errors to fix the problem.",
"id": "GHSA-xxc5-272v-5wc3",
"modified": "2025-11-10T21:30:27Z",
"published": "2025-05-01T15:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49819"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/67b65a0db8a7fdad43159819f41335497a4bb04f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e4041be97b15302ebfffda8bbd45f3b2d096048f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XXH7-FCF3-RJ7F
Vulnerability from github – Published: 2026-03-05 21:27 – Updated: 2026-03-05 21:27Description (as reported)
There is a memory leak when using GzipHandler in jetty-12.0.30 that can cause off-heap OOMs. This can be used for DoS attacks so I'm reporting this as a vulnerability.
The leak is created by requests where the request is inflated (Content-Encoding: gzip) and the response is not deflated (no Accept-Encoding: gzip). In these conditions, a new inflator will be created by GzipRequest and never released back into GzipRequest.__inflaterPool because gzipRequest.destory() is not called.
In heap dumps one can see thousands of java.util.zip.Inflator objects, which use both Java heaps and native memory. Leaking native memory causes of off-heap OOMs.
Code path in GzipHandler.handle():
1. Line 601: GzipRequest is created when request inflation is needed.
2. Lines 611-616: The callback is only wrapped in GzipResponseAndCallback when both inflation and deflation are needed.
3. Lines 619-625: If the handler accepts the request (returns true), gzipRequest.destroy() is only called in the "request not accepted" path (returns false)
When deflation is needed, GzipResponseAndCallback (lines 102 and 116) properly calls gzipRequest.destroy() in its succeeded() and failed() methods. But this wrapper is only created when deflation is needed.
Possible fix:
The callback should be wrapped whenever a GzipRequest is created, not just when deflation is needed. This ensures gzipRequest.destroy() is always called when the request completes.
Impact
The leak causes the JVM to crash with OOME.
Patches
No patches yet.
Workarounds
Disable GzipHandler.
References
https://github.com/jetty/jetty.project/issues/14260
https://gitlab.eclipse.org/security/cve-assignment/-/issues/79
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.1.5"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty:jetty-server"
},
"ranges": [
{
"events": [
{
"introduced": "12.1.0"
},
{
"fixed": "12.1.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.0.31"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty:jetty-server"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.0.32"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-1605"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-05T21:27:59Z",
"nvd_published_at": "2026-03-05T10:15:56Z",
"severity": "HIGH"
},
"details": "### Description (as reported)\n\nThere is a memory leak when using `GzipHandler` in jetty-12.0.30 that can cause off-heap OOMs. This can be used for DoS attacks so I\u0027m reporting this as a vulnerability.\n\nThe leak is created by requests where the request is inflated (`Content-Encoding: gzip`) and the response is not deflated (no `Accept-Encoding: gzip`). In these conditions, a new inflator will be created by `GzipRequest` and never released back into `GzipRequest.__inflaterPool` because `gzipRequest.destory()` is not called.\n\nIn heap dumps one can see thousands of `java.util.zip.Inflator` objects, which use both Java heaps and native memory. Leaking native memory causes of off-heap OOMs.\n\nCode path in `GzipHandler.handle()`:\n1. Line 601: `GzipRequest` is created when request inflation is needed.\n2. Lines 611-616: The callback is only wrapped in `GzipResponseAndCallback` when both inflation and deflation are needed.\n3. Lines 619-625: If the handler accepts the request (returns true), `gzipRequest.destroy()` is only called in the \"request not accepted\" path (returns false)\n\nWhen deflation is needed, `GzipResponseAndCallback` (lines 102 and 116) properly calls `gzipRequest.destroy()` in its `succeeded()` and `failed()` methods. But this wrapper is only created when deflation is needed.\n\nPossible fix:\nThe callback should be wrapped whenever a `GzipRequest` is created, not just when deflation is needed. This ensures `gzipRequest.destroy()` is always called when the request completes.\n\n\n### Impact\nThe leak causes the JVM to crash with OOME.\n\n### Patches\nNo patches yet.\n\n### Workarounds\nDisable `GzipHandler`.\n\n### References\nhttps://github.com/jetty/jetty.project/issues/14260\n\nhttps://gitlab.eclipse.org/security/cve-assignment/-/issues/79",
"id": "GHSA-xxh7-fcf3-rj7f",
"modified": "2026-03-05T21:27:59Z",
"published": "2026-03-05T21:27:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-xxh7-fcf3-rj7f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1605"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/issues/14260"
},
{
"type": "PACKAGE",
"url": "https://github.com/jetty/jetty.project"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/79"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "The Eclipse Jetty Server Artifact has a Gzip request memory leak "
}
GHSA-XXQJ-98Q4-MP83
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2023-03-02 18:30ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
{
"affected": [],
"aliases": [
"CVE-2019-13310"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-05T01:15:00Z",
"severity": "MODERATE"
},
"details": "ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.",
"id": "GHSA-xxqj-98q4-mp83",
"modified": "2023-03-02T18:30:32Z",
"published": "2022-05-24T16:49:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13310"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1616"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/5f21230b657ccd65452dd3d94c5b5401ba691a2d"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4192-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.