Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2001 vulnerabilities reference this CWE, most recent first.

GHSA-XWGM-HJ5F-P996

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-09-26 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

firewire: ohci: prevent leak of left-over IRQ on unbind

Commit 5a95f1ded28691e6 ("firewire: ohci: use devres for requested IRQ") also removed the call to free_irq() in pci_remove(), leading to a leftover irq of devm_request_irq() at pci_disable_msi() in pci_remove() when unbinding the driver from the device

remove_proc_entry: removing non-empty directory 'irq/136', leaking at least 'firewire_ohci' Call Trace: ? remove_proc_entry+0x19c/0x1c0 ? __warn+0x81/0x130 ? remove_proc_entry+0x19c/0x1c0 ? report_bug+0x171/0x1a0 ? console_unlock+0x78/0x120 ? handle_bug+0x3c/0x80 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? remove_proc_entry+0x19c/0x1c0 unregister_irq_proc+0xf4/0x120 free_desc+0x3d/0xe0 ? kfree+0x29f/0x2f0 irq_free_descs+0x47/0x70 msi_domain_free_locked.part.0+0x19d/0x1d0 msi_domain_free_irqs_all_locked+0x81/0xc0 pci_free_msi_irqs+0x12/0x40 pci_disable_msi+0x4c/0x60 pci_remove+0x9d/0xc0 [firewire_ohci 01b483699bebf9cb07a3d69df0aa2bee71db1b26] pci_device_remove+0x37/0xa0 device_release_driver_internal+0x19f/0x200 unbind_store+0xa1/0xb0

remove irq with devm_free_irq() before pci_disable_msi() also remove it in fail_msi: of pci_probe() as this would lead to an identical leak

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35816"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T14:15:16Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: ohci: prevent leak of left-over IRQ on unbind\n\nCommit 5a95f1ded28691e6 (\"firewire: ohci: use devres for requested IRQ\")\nalso removed the call to free_irq() in pci_remove(), leading to a\nleftover irq of devm_request_irq() at pci_disable_msi() in pci_remove()\nwhen unbinding the driver from the device\n\nremove_proc_entry: removing non-empty directory \u0027irq/136\u0027, leaking at\nleast \u0027firewire_ohci\u0027\nCall Trace:\n ? remove_proc_entry+0x19c/0x1c0\n ? __warn+0x81/0x130\n ? remove_proc_entry+0x19c/0x1c0\n ? report_bug+0x171/0x1a0\n ? console_unlock+0x78/0x120\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? remove_proc_entry+0x19c/0x1c0\n unregister_irq_proc+0xf4/0x120\n free_desc+0x3d/0xe0\n ? kfree+0x29f/0x2f0\n irq_free_descs+0x47/0x70\n msi_domain_free_locked.part.0+0x19d/0x1d0\n msi_domain_free_irqs_all_locked+0x81/0xc0\n pci_free_msi_irqs+0x12/0x40\n pci_disable_msi+0x4c/0x60\n pci_remove+0x9d/0xc0 [firewire_ohci\n     01b483699bebf9cb07a3d69df0aa2bee71db1b26]\n pci_device_remove+0x37/0xa0\n device_release_driver_internal+0x19f/0x200\n unbind_store+0xa1/0xb0\n\nremove irq with devm_free_irq() before pci_disable_msi()\nalso remove it in fail_msi: of pci_probe() as this would lead to\nan identical leak",
  "id": "GHSA-xwgm-hj5f-p996",
  "modified": "2025-09-26T15:30:22Z",
  "published": "2024-05-17T15:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35816"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/318f6d53dd425c400e35f1a9b7af682c2c6a66d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43c70cbc2502cf2557105c662eeed6a15d082b88"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/575801663c7dc38f826212b39e3b91a4a8661c33"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XWJ2-C9HW-P6P6

Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2025-01-07 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm, slub: fix potential memoryleak in kmem_cache_open()

In error path, the random_seq of slub cache might be leaked. Fix this by using __kmem_cache_release() to release all the relevant resources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T07:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: fix potential memoryleak in kmem_cache_open()\n\nIn error path, the random_seq of slub cache might be leaked.  Fix this\nby using __kmem_cache_release() to release all the relevant resources.",
  "id": "GHSA-xwj2-c9hw-p6p6",
  "modified": "2025-01-07T21:30:54Z",
  "published": "2024-05-22T09:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47466"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42b81946e3ac9ea0372ba16e05160dc11e02694f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f5d1c29cfab5cb0ab885059818751bdef32e2bb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/568f906340b43120abd6fcc67c37396482f85930"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9037c57681d25e4dcc442d940d6dbe24dd31f461"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XWJ8-PPX9-J533

Vulnerability from github – Published: 2026-01-20 15:33 – Updated: 2026-01-20 15:33
VLAI
Details

Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive and, in some cases, result in a major nonrecoverable fault. Recovery may require a restart.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14027"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-20T14:16:07Z",
    "severity": "HIGH"
  },
  "details": "Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive and, in some cases, result in a major nonrecoverable fault. Recovery may require a restart.",
  "id": "GHSA-xwj8-ppx9-j533",
  "modified": "2026-01-20T15:33:12Z",
  "published": "2026-01-20T15:33:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14027"
    },
    {
      "type": "WEB",
      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1769.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XWMX-QHV2-JX64

Vulnerability from github – Published: 2024-02-05 18:31 – Updated: 2025-09-15 15:31
VLAI
Details

gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-24267"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-05T18:15:52Z",
    "severity": "HIGH"
  },
  "details": "gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.",
  "id": "GHSA-xwmx-qhv2-jx64",
  "modified": "2025-09-15T15:31:08Z",
  "published": "2024-02-05T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24267"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/2571"
    },
    {
      "type": "WEB",
      "url": "https://github.com/NixOS/nixpkgs/pull/305402"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/d28d9ba45cf4f628a7b2c351849a895e6fcf2234"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XWXP-FCPW-W82J

Vulnerability from github – Published: 2024-05-19 12:30 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()

The call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an unsuccessful status. In such cases, the elsiocb is not issued, the completion is not called, and thus the elsiocb resource is leaked.

Check return value after calling lpfc_sli4_resume_rpi() and conditionally release the elsiocb resource.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35930"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-19T11:15:49Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()\n\nThe call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an\nunsuccessful status.  In such cases, the elsiocb is not issued, the\ncompletion is not called, and thus the elsiocb resource is leaked.\n\nCheck return value after calling lpfc_sli4_resume_rpi() and conditionally\nrelease the elsiocb resource.",
  "id": "GHSA-xwxp-fcpw-w82j",
  "modified": "2026-05-12T12:31:49Z",
  "published": "2024-05-19T12:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35930"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07a2aa674fca679316b8ac51440adb895b53a7cf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ae917d4bcab80ab304b774d492e2fcd6c52c06b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3320126ed3afbc11934502319b340f91a4d61c8f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7849e6f8410da96384e3d1f6b6d730f095142dc7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c473288f27d15014447de5a891bdf22a0695847a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e2cd32435b1dff3d63759476a3abc878e02fb6c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/edf82aa7e9eb864a09229392054d131b34a5c9e8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee0b5f96b6d66a1e6698228dcb41df11ec7f352f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XX6P-PXPQ-H557

Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: lan966x: fix page pool leak in error paths

lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if the subsequent fdma_alloc_coherent() call fails, leaking the pool.

Similarly, lan966x_fdma_init() frees the coherent DMA memory when lan966x_fdma_tx_alloc() fails but does not destroy the page pool that was successfully created by lan966x_fdma_rx_alloc(), leaking it.

Add the missing page_pool_destroy() calls in both error paths.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31645"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-24T15:16:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan966x: fix page pool leak in error paths\n\nlan966x_fdma_rx_alloc() creates a page pool but does not destroy it if\nthe subsequent fdma_alloc_coherent() call fails, leaking the pool.\n\nSimilarly, lan966x_fdma_init() frees the coherent DMA memory when\nlan966x_fdma_tx_alloc() fails but does not destroy the page pool that\nwas successfully created by lan966x_fdma_rx_alloc(), leaking it.\n\nAdd the missing page_pool_destroy() calls in both error paths.",
  "id": "GHSA-xx6p-pxpq-h557",
  "modified": "2026-04-27T21:30:49Z",
  "published": "2026-04-24T15:32:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31645"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/076344a6ad9d1308faaed1402fdcfdda68b604ab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/22e1ee9f22b5c3bb702bb6d4167d770002a85b2b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4941e234cfd67ac911fb259642b453f9f76aac41"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/73e940c4249dc5ec6422d1fae535d192fb125955"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XX9H-RQRV-PWC2

Vulnerability from github – Published: 2025-09-23 18:30 – Updated: 2025-09-23 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: pm8001: Fix tag leaks on error

In pm8001_chip_set_dev_state_req(), pm8001_chip_fw_flash_update_req(), pm80xx_chip_phy_ctl_req() and pm8001_chip_reg_dev_req() add missing calls to pm8001_tag_free() to free the allocated tag when pm8001_mpi_build_cmd() fails.

Similarly, in pm8001_exec_internal_task_abort(), if the chip ->task_abort method fails, the tag allocated for the abort request task must be freed. Add the missing call to pm8001_tag_free().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:49Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix tag leaks on error\n\nIn pm8001_chip_set_dev_state_req(), pm8001_chip_fw_flash_update_req(),\npm80xx_chip_phy_ctl_req() and pm8001_chip_reg_dev_req() add missing calls\nto pm8001_tag_free() to free the allocated tag when pm8001_mpi_build_cmd()\nfails.\n\nSimilarly, in pm8001_exec_internal_task_abort(), if the chip -\u003etask_abort\nmethod fails, the tag allocated for the abort request task must be\nfreed. Add the missing call to pm8001_tag_free().",
  "id": "GHSA-xx9h-rqrv-pwc2",
  "modified": "2025-09-23T18:30:20Z",
  "published": "2025-09-23T18:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49121"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43c617eefab7077d69f5989ad3e2a273da1d728b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c8f04b1905cd4b776d0b720463c091545478ef7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9cc72bcc1c096ed42c91646f130d4b4191580a4c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0bb65eadbf942024226241d9d99fed17168940b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bdc74815f1c39905054b7d47399e0260b201b14d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XXC5-272V-5WC3

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-10 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

octeon_ep: fix potential memory leak in octep_device_setup()

When occur unsupported_dev and mbox init errors, it did not free oct->conf and iounmap() oct->mmio[i].hw_addr. That would trigger memory leak problem. Add kfree() for oct->conf and iounmap() for oct->mmio[i].hw_addr under unsupported_dev and mbox init errors to fix the problem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49819"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: fix potential memory leak in octep_device_setup()\n\nWhen occur unsupported_dev and mbox init errors, it did not free oct-\u003econf\nand iounmap() oct-\u003emmio[i].hw_addr. That would trigger memory leak problem.\nAdd kfree() for oct-\u003econf and iounmap() for oct-\u003emmio[i].hw_addr under\nunsupported_dev and mbox init errors to fix the problem.",
  "id": "GHSA-xxc5-272v-5wc3",
  "modified": "2025-11-10T21:30:27Z",
  "published": "2025-05-01T15:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49819"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/67b65a0db8a7fdad43159819f41335497a4bb04f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e4041be97b15302ebfffda8bbd45f3b2d096048f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XXH7-FCF3-RJ7F

Vulnerability from github – Published: 2026-03-05 21:27 – Updated: 2026-03-05 21:27
VLAI
Summary
The Eclipse Jetty Server Artifact has a Gzip request memory leak
Details

Description (as reported)

There is a memory leak when using GzipHandler in jetty-12.0.30 that can cause off-heap OOMs. This can be used for DoS attacks so I'm reporting this as a vulnerability.

The leak is created by requests where the request is inflated (Content-Encoding: gzip) and the response is not deflated (no Accept-Encoding: gzip). In these conditions, a new inflator will be created by GzipRequest and never released back into GzipRequest.__inflaterPool because gzipRequest.destory() is not called.

In heap dumps one can see thousands of java.util.zip.Inflator objects, which use both Java heaps and native memory. Leaking native memory causes of off-heap OOMs.

Code path in GzipHandler.handle(): 1. Line 601: GzipRequest is created when request inflation is needed. 2. Lines 611-616: The callback is only wrapped in GzipResponseAndCallback when both inflation and deflation are needed. 3. Lines 619-625: If the handler accepts the request (returns true), gzipRequest.destroy() is only called in the "request not accepted" path (returns false)

When deflation is needed, GzipResponseAndCallback (lines 102 and 116) properly calls gzipRequest.destroy() in its succeeded() and failed() methods. But this wrapper is only created when deflation is needed.

Possible fix: The callback should be wrapped whenever a GzipRequest is created, not just when deflation is needed. This ensures gzipRequest.destroy() is always called when the request completes.

Impact

The leak causes the JVM to crash with OOME.

Patches

No patches yet.

Workarounds

Disable GzipHandler.

References

https://github.com/jetty/jetty.project/issues/14260

https://gitlab.eclipse.org/security/cve-assignment/-/issues/79

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 12.1.5"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.1.0"
            },
            {
              "fixed": "12.1.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 12.0.31"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.0.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-1605"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-05T21:27:59Z",
    "nvd_published_at": "2026-03-05T10:15:56Z",
    "severity": "HIGH"
  },
  "details": "### Description (as reported)\n\nThere is a memory leak when using `GzipHandler` in jetty-12.0.30 that can cause off-heap OOMs. This can be used for DoS attacks so I\u0027m reporting this as a vulnerability.\n\nThe leak is created by requests where the request is inflated (`Content-Encoding: gzip`) and the response is not deflated (no `Accept-Encoding: gzip`). In these conditions, a new inflator will be created by `GzipRequest` and never released back into `GzipRequest.__inflaterPool` because `gzipRequest.destory()` is not called.\n\nIn heap dumps one can see thousands of `java.util.zip.Inflator` objects, which use both Java heaps and native memory. Leaking native memory causes of off-heap OOMs.\n\nCode path in `GzipHandler.handle()`:\n1. Line 601: `GzipRequest` is created when request inflation is needed.\n2. Lines 611-616: The callback is only wrapped in `GzipResponseAndCallback` when both inflation and deflation are needed.\n3. Lines 619-625: If the handler accepts the request (returns true), `gzipRequest.destroy()` is only called in the \"request not accepted\" path (returns false)\n\nWhen deflation is needed, `GzipResponseAndCallback` (lines 102 and 116) properly calls `gzipRequest.destroy()` in its `succeeded()` and `failed()` methods. But this wrapper is only created when deflation is needed.\n\nPossible fix:\nThe callback should be wrapped whenever a `GzipRequest` is created, not just when deflation is needed. This ensures `gzipRequest.destroy()` is always called when the request completes.\n\n\n### Impact\nThe leak causes the JVM to crash with OOME.\n\n### Patches\nNo patches yet.\n\n### Workarounds\nDisable `GzipHandler`.\n\n### References\nhttps://github.com/jetty/jetty.project/issues/14260\n\nhttps://gitlab.eclipse.org/security/cve-assignment/-/issues/79",
  "id": "GHSA-xxh7-fcf3-rj7f",
  "modified": "2026-03-05T21:27:59Z",
  "published": "2026-03-05T21:27:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-xxh7-fcf3-rj7f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1605"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jetty/jetty.project/issues/14260"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jetty/jetty.project"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/79"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "The Eclipse Jetty Server Artifact has a Gzip request memory leak "
}

GHSA-XXQJ-98Q4-MP83

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2023-03-02 18:30
VLAI
Details

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-05T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.",
  "id": "GHSA-xxqj-98q4-mp83",
  "modified": "2023-03-02T18:30:32Z",
  "published": "2022-05-24T16:49:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13310"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/1616"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/5f21230b657ccd65452dd3d94c5b5401ba691a2d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4192-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.