CWE-401— Missing Release of Memory after Effective Lifetime (Memory Leak)
1,677 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-401page 12 of 34
- CVE-2022-38600MEDIUMCVSS 5.5EG 5.52022-09-15
Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c.
- CVE-2022-39004HIGHCVSS 7.5EG 7.52022-09-16
The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.
- CVE-2022-39005HIGHCVSS 7.5EG 7.52022-09-16
The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.
- CVE-2022-3957MEDIUMCVSS 4.3EG 6.52022-11-11
A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory…
- CVE-2022-40281HIGHCVSS 7.5EG 7.52022-09-08
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.
- CVE-2022-40439MEDIUMCVSS 6.5EG 6.52022-09-14
An memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file.
- CVE-2022-40884MEDIUMCVSS 5.5EG 5.52022-10-19
Bento4 1.6.0 has memory leaks via the mp4fragment.
- CVE-2022-4132MEDIUMCVSS 5.9EG 5.92023-10-04
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).
- CVE-2022-4139HIGHCVSS 7.8EG 7.82023-01-27
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on th…
- CVE-2022-41419MEDIUMCVSS 6.5EG 6.52022-10-03
Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary.
- CVE-2022-41424MEDIUMCVSS 6.5EG 6.52022-10-03
Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls.
- CVE-2022-41426MEDIUMCVSS 6.5EG 6.52022-10-03
Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split.
- CVE-2022-41427MEDIUMCVSS 6.5EG 6.52022-10-03
Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux.
- CVE-2022-41556HIGHCVSS 7.5EG 7.52022-10-06
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/…
- CVE-2022-41624HIGHCVSS 7.5EG 7.52022-10-19
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase…
- CVE-2022-41832HIGHCVSS 7.5EG 7.52022-10-19
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase…
- CVE-2022-41847MEDIUMCVSS 5.5EG 5.52022-09-30
An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.
- CVE-2022-42311MEDIUMCVSS 6.5EG 7.52022-11-01
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amo…
- CVE-2022-42319MEDIUMCVSS 6.5EG 7.52022-11-01
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finishe…
- CVE-2022-42322MEDIUMCVSS 5.5EG 5.52022-11-01
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node …
- CVE-2022-42323MEDIUMCVSS 5.5EG 5.52022-11-01
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node …
- CVE-2022-42325MEDIUMCVSS 5.5EG 5.52022-11-01
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a tr…
- CVE-2022-42326MEDIUMCVSS 5.5EG 5.52022-11-01
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a tr…
- CVE-2022-43032MEDIUMCVSS 6.5EG 6.52022-10-19
An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac.
- CVE-2022-43037MEDIUMCVSS 6.5EG 6.52022-10-19
An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp.
- CVE-2022-43151MEDIUMCVSS 5.5EG 5.52022-10-31
timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc.
- CVE-2022-43221HIGHCVSS 7.5EG 7.52022-11-01
open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.
- CVE-2022-43222HIGHCVSS 7.5EG 7.52022-11-01
open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.
- CVE-2022-43223HIGHCVSS 7.5EG 7.52022-11-01
open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment.
- CVE-2022-43254MEDIUMCVSS 5.5EG 5.52022-11-02
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.
- CVE-2022-43255MEDIUMCVSS 5.5EG 5.52022-11-02
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.
- CVE-2022-43272HIGHCVSS 7.5EG 7.52022-12-02
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
- CVE-2022-45204MEDIUMCVSS 5.5EG 5.52022-11-29
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.
- CVE-2022-45920HIGHCVSS 7.5EG 7.52023-01-26
In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak.
- CVE-2022-46489MEDIUMCVSS 5.5EG 5.52023-01-05
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.
- CVE-2022-46490MEDIUMCVSS 5.5EG 5.52023-01-05
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.
- CVE-2022-47007MEDIUMCVSS 5.5EG 5.52023-08-22
An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
- CVE-2022-47008MEDIUMCVSS 5.5EG 5.52023-08-22
An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
- CVE-2022-47010MEDIUMCVSS 5.5EG 5.52023-08-22
An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
- CVE-2022-47011MEDIUMCVSS 5.5EG 5.52023-08-22
An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
- CVE-2022-4743HIGHCVSS 7.5EG 7.52023-01-12
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x …
- CVE-2022-47941HIGHCVSS 7.5EG 7.52022-12-23
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.
- CVE-2022-48065MEDIUMCVSS 5.5EG 5.52023-08-22
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
- CVE-2022-48541HIGHCVSS 7.1EG 7.52023-08-22
A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
- CVE-2022-48641MEDIUMCVSS 5.5EG 5.52024-04-28
In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix memory leak when blob is malformed The bug fix was incomplete, it "replaced" crash with a memory leak. The old code had an assignment to "ret" e…
- CVE-2022-48642MEDIUMCVSS 5.5EG 5.52024-04-28
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a ("ne…
- CVE-2022-48650MEDIUMCVSS 4.7EG 4.72024-04-28
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() Commit 8f394da36a36 ("scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG") made the __qlt_24xx_handle_abts() f…
- CVE-2022-48656MEDIUMCVSS 5.5EG 5.52024-04-28
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() We should call of_node_put() for the reference returned by of_parse_phandle() in fail path or…
- CVE-2022-48669MEDIUMCVSS 5.5EG 5.52024-05-01
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix potential memleak in papr_get_attr() `buf` is allocated in papr_get_attr(), and krealloc() of `buf` could fail. We need to free the original `buf` i…
- CVE-2022-48690MEDIUMCVSS 5.5EG 5.52024-05-03
In the Linux kernel, the following vulnerability has been resolved: ice: Fix DMA mappings leak Fix leak, when user changes ring parameters. During reallocation of RX buffers, new DMA mappings are created for those buffers. New buffers wi…
Map vulnerabilities like CWE-401 to your infrastructure
EchelonGraph correlates every CVE — across CWE-401 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →