CWE-401— Missing Release of Memory after Effective Lifetime (Memory Leak)
1,677 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-401page 1 of 34
- CVE-2001-0136NONECVSS 0.0EG 0.02001-03-12
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
- CVE-2001-0543NONECVSS 0.0EG 0.02001-09-20
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
- CVE-2004-0222NONECVSS 0.0EG 0.02004-05-04
Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite.
- CVE-2005-3119NONECVSS 0.0EG 0.02005-10-12
Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys.
- CVE-2005-3181NONECVSS 0.0EG 0.02005-10-12
The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and l…
- CVE-2007-2274NONECVSS 0.0EG 0.02007-04-25
The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is…
- CVE-2008-3913NONECVSS 0.0EG 0.02008-09-11
Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".
- CVE-2009-0581NONECVSS 0.0EG 0.02009-03-23
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image …
- CVE-2009-1378NONECVSS 0.0EG 0.02009-05-19
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are dup…
- CVE-2009-5063NONECVSS 0.0EG 0.02011-08-31
Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with …
- CVE-2010-2249MEDIUMCVSS 6.5EG 6.52010-06-30
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunk…
- CVE-2010-2942MEDIUMCVSS 5.5EG 5.52010-09-21
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially s…
- CVE-2017-15094MEDIUMCVSS 5.9EG 5.92018-01-23
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled b…
- CVE-2017-7654HIGHCVSS 7.5EG 7.52018-06-05
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.
- CVE-2018-0158HIGHCVSS 8.6EG 9.0⚠ KEV2018-03-28
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a …
- CVE-2018-0832MEDIUMCVSS 4.7EG 4.72018-02-15
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in mem…
- CVE-2018-0891MEDIUMCVSS 4.3EG 4.32018-03-14
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, …
- CVE-2018-0895MEDIUMCVSS 4.7EG 4.72018-03-14
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows…
- CVE-2018-0901MEDIUMCVSS 4.7EG 4.72018-03-14
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows…
- CVE-2018-11246HIGHCVSS 7.5EG 7.52021-01-11
K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak.
- CVE-2018-13844HIGHCVSS 7.5EG 7.52018-07-10
An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct t…
- CVE-2018-15377HIGHCVSS 8.6EG 8.62018-10-05
A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an af…
- CVE-2018-17240HIGHCVSS 7.5EG 7.52022-06-10
There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password).
- CVE-2018-21017MEDIUMCVSS 6.5EG 6.52019-09-16
GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.
- CVE-2018-21079HIGHCVSS 7.5EG 7.52020-04-08
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018).
- CVE-2019-0059HIGHCVSS 7.5EG 7.52019-10-09
A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable…
- CVE-2019-1000031HIGHCVSS 7.5EG 7.52019-03-27
A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which wil…
- CVE-2019-10547HIGHCVSS 7.8EG 7.82020-04-16
When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Indu…
- CVE-2019-10649MEDIUMCVSS 5.5EG 6.52019-03-30
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.
- CVE-2019-11010MEDIUMCVSS 6.5EG 6.52019-04-08
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.
- CVE-2019-11463MEDIUMCVSS 5.5EG 5.52019-04-23
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affect…
- CVE-2019-12265MEDIUMCVSS 5.3EG 5.32019-08-09
Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.
- CVE-2019-12379MEDIUMCVSS 5.5EG 5.52019-05-28
An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue
- CVE-2019-12975MEDIUMCVSS 5.5EG 5.52019-06-26
ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
- CVE-2019-12976MEDIUMCVSS 5.5EG 5.52019-06-26
ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.
- CVE-2019-13133MEDIUMCVSS 5.5EG 5.52019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
- CVE-2019-13134MEDIUMCVSS 5.5EG 5.52019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
- CVE-2019-13137MEDIUMCVSS 6.5EG 6.52019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
- CVE-2019-13296MEDIUMCVSS 6.5EG 6.52019-07-05
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.
- CVE-2019-13301MEDIUMCVSS 6.5EG 6.52019-07-05
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
- CVE-2019-13309MEDIUMCVSS 6.5EG 6.52019-07-05
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.
- CVE-2019-13310MEDIUMCVSS 6.5EG 6.52019-07-05
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
- CVE-2019-13311MEDIUMCVSS 6.5EG 6.52019-07-05
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
- CVE-2019-14559HIGHCVSS 7.5EG 7.52020-11-23
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
- CVE-2019-14818HIGHCVSS 7.5EG 7.52019-11-14
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING…
- CVE-2019-15134HIGHCVSS 7.5EG 7.52019-08-17
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _…
- CVE-2019-15807MEDIUMCVSS 4.7EG 4.72019-08-29
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.
- CVE-2019-15916HIGHCVSS 7.5EG 7.52019-09-04
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.
- CVE-2019-15921MEDIUMCVSS 4.7EG 4.72019-09-04
An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.
- CVE-2019-16708MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
Map vulnerabilities like CWE-401 to your infrastructure
EchelonGraph correlates every CVE — across CWE-401 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →