CWE-775
AllowedMissing Release of File Descriptor or Handle after Effective Lifetime
Abstraction: Variant · Status: Incomplete
The product does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.
11 vulnerabilities reference this CWE, most recent first.
CVE-2026-45287 (GCVE-0-2026-45287)
Vulnerability from cvelistv5 – Published: 2026-06-04 14:45 – Updated: 2026-06-08 18:27| URL | Tags |
|---|---|
| https://github.com/open-telemetry/opentelemetry-g… | x_refsource_CONFIRM |
| https://github.com/open-telemetry/opentelemetry-g… | x_refsource_MISC |
| https://github.com/open-telemetry/opentelemetry-g… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| open-telemetry | go.opentelemetry.io/otel/schema/v1.1 |
Affected:
< 0.0.17
|
|
| open-telemetry | go.opentelemetry.io/otel/schema/v1.0 |
Affected:
< 0.0.17
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45287",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T18:27:31.389905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T18:27:46.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v-fvrw-c78m"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "go.opentelemetry.io/otel/schema/v1.1",
"vendor": "open-telemetry",
"versions": [
{
"status": "affected",
"version": "\u003c 0.0.17"
}
]
},
{
"product": "go.opentelemetry.io/otel/schema/v1.0",
"vendor": "open-telemetry",
"versions": [
{
"status": "affected",
"version": "\u003c 0.0.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on each successful `ParseFile` call. `ParseFile` opens the schema file and passes it to `Parse` without closing it; repeated parsing in a long-running process can exhaust the process file descriptor limit and cause denial of service. Exploitation depends on a consuming application exposing repeated schema parsing to an attacker-controlled path. Version 0.0.17 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772: Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-775",
"description": "CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T14:45:54.522Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v-fvrw-c78m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v-fvrw-c78m"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go/commit/e72a235518cb773137efd80336a179028bc34684",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-telemetry/opentelemetry-go/commit/e72a235518cb773137efd80336a179028bc34684"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go/commit/f12d198f161b61735d65705248715aa97021ba8d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-telemetry/opentelemetry-go/commit/f12d198f161b61735d65705248715aa97021ba8d"
}
],
"source": {
"advisory": "GHSA-995v-fvrw-c78m",
"discovery": "UNKNOWN"
},
"title": "OpenTelemetry-Go\u0027s Schema ParseFile leaks file descriptors on each parse"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45287",
"datePublished": "2026-06-04T14:45:54.522Z",
"dateReserved": "2026-05-11T20:14:43.200Z",
"dateUpdated": "2026-06-08T18:27:46.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53476 (GCVE-0-2025-53476)
Vulnerability from cvelistv5 – Published: 2025-10-07 13:49 – Updated: 2025-11-03 17:44- CWE-775 - Missing Release of File Descriptor or Handle after Effective Lifetime
| Vendor | Product | Version | |
|---|---|---|---|
| OpenPLC | OpenPLC_v3 |
Affected:
a931181e8b81e36fadf7b74d5cba99b73c3f6d58
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T14:33:42.008541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T15:28:56.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:44:59.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenPLC_v3",
"vendor": "OpenPLC",
"versions": [
{
"status": "affected",
"version": "a931181e8b81e36fadf7b74d5cba99b73c3f6d58"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC _v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connections to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-775",
"description": "CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T13:49:56.656Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2223",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2223"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-53476",
"datePublished": "2025-10-07T13:49:56.656Z",
"dateReserved": "2025-07-11T21:16:14.229Z",
"dateUpdated": "2025-11-03T17:44:59.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13751 (GCVE-0-2025-13751)
Vulnerability from cvelistv5 – Published: 2025-12-03 16:22 – Updated: 2025-12-12 13:56| URL | Tags |
|---|---|
| https://community.openvpn.net/Security%20Announce… | vendor-advisory |
| https://www.mail-archive.com/openvpn-announce@lis… | release-notes |
| https://www.mail-archive.com/openvpn-announce@lis… | release-notes |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T16:32:17.086600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T16:32:26.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.16",
"status": "affected",
"version": "2.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.7_rc2",
"status": "affected",
"version": "2.7_alpha1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.3,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-775",
"description": "CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-841",
"description": "CWE-841: Improper Enforcement of Behavioral Workflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T13:56:20.684Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.openvpn.net/Security%20Announcements/CVE-2025-13751"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00154.html"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00153.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-13751",
"datePublished": "2025-12-03T16:22:35.771Z",
"dateReserved": "2025-11-26T16:51:49.203Z",
"dateUpdated": "2025-12-12T13:56:20.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25557 (GCVE-0-2019-25557)
Vulnerability from cvelistv5 – Published: 2026-03-21 12:46 – Updated: 2026-03-23 20:16- CWE-775 - Missing Release of File Descriptor or Handle after Effective Lifetime
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46845 | exploit |
| http://www.pixarra.com | product |
| https://www.vulncheck.com/advisories/twistedbrush… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Pixarra | TwistedBrush Pro Studio |
Affected:
24.06
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25557",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T20:15:23.541780Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T20:16:10.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TwistedBrush Pro Studio",
"vendor": "Pixarra",
"versions": [
{
"status": "affected",
"version": "24.06"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alejandra S\u00e1nchez"
}
],
"datePublic": "2019-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player interface to trigger an application crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-775",
"description": "Missing Release of File Descriptor or Handle after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-21T12:46:58.688Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46845",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46845"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.pixarra.com"
},
{
"name": "VulnCheck Advisory: TwistedBrush Pro Studio 24.06 Denial of Service via srp File",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/twistedbrush-pro-studio-denial-of-service-via-srp-file"
}
],
"title": "TwistedBrush Pro Studio 24.06 Denial of Service via srp File",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25557",
"datePublished": "2026-03-21T12:46:58.688Z",
"dateReserved": "2026-03-21T12:29:43.100Z",
"dateUpdated": "2026-03-23T20:16:10.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-8452 (GCVE-0-2017-8452)
Vulnerability from cvelistv5 – Published: 2017-06-16 21:00 – Updated: 2024-08-05 16:34- CWE-775 - Missing Release of File Descriptor or Handle after Effective Lifetime
| URL | Tags |
|---|---|
| https://www.elastic.co/community/security | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:23.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kibana",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.2.1"
}
]
}
],
"datePublic": "2017-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-775",
"description": "CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-16T20:57:02.000Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2017-8452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kibana",
"version": {
"version_data": [
{
"version_value": "before 5.2.1"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2017-8452",
"datePublished": "2017-06-16T21:00:00.000Z",
"dateReserved": "2017-05-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:23.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-2XCR-5RG6-GP62
Vulnerability from github – Published: 2026-03-21 15:33 – Updated: 2026-03-21 15:33TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player interface to trigger an application crash.
{
"affected": [],
"aliases": [
"CVE-2019-25557"
],
"database_specific": {
"cwe_ids": [
"CWE-775"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-21T13:16:18Z",
"severity": "MODERATE"
},
"details": "TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player interface to trigger an application crash.",
"id": "GHSA-2xcr-5rg6-gp62",
"modified": "2026-03-21T15:33:23Z",
"published": "2026-03-21T15:33:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25557"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46845"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/twistedbrush-pro-studio-denial-of-service-via-srp-file"
},
{
"type": "WEB",
"url": "http://www.pixarra.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-995V-FVRW-C78M
Vulnerability from github – Published: 2026-05-28 17:19 – Updated: 2026-06-09 11:53Summary
go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it; repeated parsing in a long-running process can exhaust the process file descriptor limit and cause denial of service. The severity is low because exploitation depends on a consuming application exposing repeated schema parsing to an attacker-controlled path.
Introduced in commit: e72a235
Details
In schema/v1.0/parser.go:41-47, ParseFile opens the requested schema path with os.Open and then returns Parse(file) without a defer file.Close() or other close path:
file, err := os.Open(schemaFilePath)
if err != nil {
return nil, err
}
return Parse(file)
The validation evidence also identifies schema/v1.0/parser.go:50-73: Parse accepts an io.Reader, decodes from it, and does not close it. Ownership of the opened file is therefore not transferred to Parse, leaving the descriptor open until the Go runtime eventually finalizes the file object. With repeated ParseFile calls, descriptors can accumulate until the process receives EMFILE / "too many open files".
PoC
The local artifact validation-artifact.zip contains:
leak_poc.go: PoC source that repeatedly callsschema.ParseFile("schema/v1.0/testdata/valid-example.yaml")and prints/proc/self/fdcounts.LEAK_POC_README.txt: reproduction notes.leak_poc_run.log: captured attempted run; the local offline environment failed before execution because Go module download fromproxy.golang.orgwas forbidden.
Reproduce from the root of a checkout of pellared/opentelemetry-go at commit e72a235 with Go module dependencies already available:
/bin/sh -c 'ulimit -n 256; GOGC=off go run leak_poc.go'
Configuration:
- File descriptor soft limit:
256 - Garbage collection: disabled with
GOGC=offso leaked descriptors are not reclaimed during the loop - Schema file:
schema/v1.0/testdata/valid-example.yaml
Expected output is increasing descriptor counts followed by an EMFILE failure, for example:
iter 0 fds 7
iter 50 fds 57
iter 100 fds 107
...
panic: iteration 248: open schema/v1.0/testdata/valid-example.yaml: too many open files
The exact initial descriptor count and failing iteration can vary by OS and process state.
Impact
This is a file descriptor resource leak leading to availability loss. Applications that call schema.ParseFile repeatedly, especially through a runtime reload or request-controlled path, can exhaust their process file descriptor table and fail subsequent file, socket, or other descriptor operations. Impact is limited to denial of service of the consuming process; the evidence does not show confidentiality or integrity impact.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.0.16"
},
"package": {
"ecosystem": "Go",
"name": "go.opentelemetry.io/otel/schema/v1.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.0.16"
},
"package": {
"ecosystem": "Go",
"name": "go.opentelemetry.io/otel/schema/v1.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-45287"
],
"database_specific": {
"cwe_ids": [
"CWE-772",
"CWE-775"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-28T17:19:10Z",
"nvd_published_at": "2026-06-04T16:16:38Z",
"severity": "LOW"
},
"details": "### Summary\n\n`go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on each successful `ParseFile` call. `ParseFile` opens the schema file and passes it to `Parse` without closing it; repeated parsing in a long-running process can exhaust the process file descriptor limit and cause denial of service. The severity is low because exploitation depends on a consuming application exposing repeated schema parsing to an attacker-controlled path.\n\nIntroduced in commit: e72a235\n\n### Details\n\nIn `schema/v1.0/parser.go:41-47`, `ParseFile` opens the requested schema path with `os.Open` and then returns `Parse(file)` without a `defer file.Close()` or other close path:\n\n```go\nfile, err := os.Open(schemaFilePath)\nif err != nil {\n\treturn nil, err\n}\nreturn Parse(file)\n```\n\nThe validation evidence also identifies `schema/v1.0/parser.go:50-73`: `Parse` accepts an `io.Reader`, decodes from it, and does not close it. Ownership of the opened file is therefore not transferred to `Parse`, leaving the descriptor open until the Go runtime eventually finalizes the file object. With repeated `ParseFile` calls, descriptors can accumulate until the process receives `EMFILE` / \"too many open files\".\n\n### PoC\n\n[validation-artifact.zip](https://github.com/user-attachments/files/27494463/validation-artifact.zip)\n\nThe local artifact `validation-artifact.zip` contains:\n\n- `leak_poc.go`: PoC source that repeatedly calls `schema.ParseFile(\"schema/v1.0/testdata/valid-example.yaml\")` and prints `/proc/self/fd` counts.\n- `LEAK_POC_README.txt`: reproduction notes.\n- `leak_poc_run.log`: captured attempted run; the local offline environment failed before execution because Go module download from `proxy.golang.org` was forbidden.\n\nReproduce from the root of a checkout of `pellared/opentelemetry-go` at commit `e72a235` with Go module dependencies already available:\n\n```sh\n/bin/sh -c \u0027ulimit -n 256; GOGC=off go run leak_poc.go\u0027\n```\n\nConfiguration:\n\n- File descriptor soft limit: `256`\n- Garbage collection: disabled with `GOGC=off` so leaked descriptors are not reclaimed during the loop\n- Schema file: `schema/v1.0/testdata/valid-example.yaml`\n\nExpected output is increasing descriptor counts followed by an `EMFILE` failure, for example:\n\n```text\niter 0 fds 7\niter 50 fds 57\niter 100 fds 107\n...\npanic: iteration 248: open schema/v1.0/testdata/valid-example.yaml: too many open files\n```\n\nThe exact initial descriptor count and failing iteration can vary by OS and process state.\n\n### Impact\n\nThis is a file descriptor resource leak leading to availability loss. Applications that call `schema.ParseFile` repeatedly, especially through a runtime reload or request-controlled path, can exhaust their process file descriptor table and fail subsequent file, socket, or other descriptor operations. Impact is limited to denial of service of the consuming process; the evidence does not show confidentiality or integrity impact.",
"id": "GHSA-995v-fvrw-c78m",
"modified": "2026-06-09T11:53:13Z",
"published": "2026-05-28T17:19:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v-fvrw-c78m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45287"
},
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-go/commit/e72a235518cb773137efd80336a179028bc34684"
},
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-go/commit/f12d198f161b61735d65705248715aa97021ba8d"
},
{
"type": "PACKAGE",
"url": "https://github.com/open-telemetry/opentelemetry-go"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "opentelemetry-go\u0027s Schema ParseFile leaks file descriptors on each parse"
}
GHSA-FX5J-CG4M-877M
Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-02-11 00:31Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.
{
"affected": [],
"aliases": [
"CVE-2024-24444"
],
"database_specific": {
"cwe_ids": [
"CWE-775"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T22:15:11Z",
"severity": "HIGH"
},
"details": "Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.",
"id": "GHSA-fx5j-cg4m-877m",
"modified": "2025-02-11T00:31:47Z",
"published": "2025-01-22T00:33:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24444"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
},
{
"type": "WEB",
"url": "http://openairinterface.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P36J-6FF2-H5MM
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes.
{
"affected": [],
"aliases": [
"CVE-2017-8452"
],
"database_specific": {
"cwe_ids": [
"CWE-775"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-16T21:29:00Z",
"severity": "HIGH"
},
"details": "Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes.",
"id": "GHSA-p36j-6ff2-h5mm",
"modified": "2022-05-13T01:14:31Z",
"published": "2022-05-13T01:14:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8452"
},
{
"type": "WEB",
"url": "https://www.elastic.co/community/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PM3X-2FVM-PVP8
Vulnerability from github – Published: 2025-10-07 15:30 – Updated: 2025-11-03 18:31A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC _v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connections to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-53476"
],
"database_specific": {
"cwe_ids": [
"CWE-775"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-07T14:15:37Z",
"severity": "MODERATE"
},
"details": "A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC _v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connections to trigger this vulnerability.",
"id": "GHSA-pm3x-2fvm-pvp8",
"modified": "2025-11-03T18:31:45Z",
"published": "2025-10-07T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53476"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2223"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2223"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-47
Strategy: Resource Limitation
- Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.
- When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.
- Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703).
No CAPEC attack patterns related to this CWE.