CWE-401 — Missing Release of Memory after Effective Lifetime (Memory Leak)
1,677 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-401 (page 4 of 34)
- CVE-2019-7397 | HIGH | CVSS 7.5 | EG 7.5 | 2019-02-05
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
- CVE-2019-7398 | HIGH | CVSS 7.5 | EG 7.5 | 2019-02-05
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
- CVE-2019-7732 | HIGH | CVSS 7.5 | EG 7.5 | 2019-02-11
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
- CVE-2019-8259 | HIGH | CVSS 7.5 | EG 7.5 | 2019-03-05
UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stac…
- CVE-2019-8980 | HIGH | CVSS 7.5 | EG 7.5 | 2019-02-21
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
- CVE-2019-9004 | HIGH | CVSS 7.5 | EG 7.5 | 2019-02-22
In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of …
- CVE-2019-9857 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-03-21
In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka re…
- CVE-2020-0491 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-12-15
In readBlock of MatroskaExtractor.cpp, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitatio…
- CVE-2020-10593 | HIGH | CVSS 7.5 | EG 7.5 | 2020-03-23
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine ca…
- CVE-2020-10840 | HIGH | CVSS 7.1 | EG 7.1 | 2020-03-24
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is a kernel pointer leak in the vipx driver. The Samsung ID is SVE-2019-16293 (February 2020).
- CVE-2020-11255 | HIGH | CVSS 7.5 | EG 7.5 | 2021-04-07
Denial of service while processing RTCP packets containing multiple SDES reports because memory for the last SDES packet is freed and the rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consu…
- CVE-2020-11637 | MEDIUM | CVSS 5.8 | EG 5.8 | 2020-10-15
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.
- CVE-2020-11937 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-08-06
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubunt…
- CVE-2020-12430 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-04-28
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics wh…
- CVE-2020-12604 | HIGH | CVSS 7.5 | EG 7.5 | 2020-07-01
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset th…
- CVE-2020-12656 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-05-05
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that t…
- CVE-2020-12768 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-05-09
An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, …
- CVE-2020-12887 | HIGH | CVSS 7.5 | EG 7.5 | 2020-06-18
Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoA…
- CVE-2020-13152 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-05-20
A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a …
- CVE-2020-13934 | HIGH | CVSS 7.5 | EG 7.5 | 2020-07-14
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryE…
- CVE-2020-15025 | MEDIUM | CVSS 4.4 | EG 4.9 | 2020-06-24
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with…
- CVE-2020-15254 | HIGH | CVSS 8.1 | EG 8.1 | 2020-10-16
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity the same as the number of iterator elements. `Vec::fro…
- CVE-2020-15393 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-06-29
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.
- CVE-2020-15806 | HIGH | CVSS 7.5 | EG 7.5 | 2020-07-22
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
- CVE-2020-1603 | HIGH | CVSS 8.6 | EG 8.6 | 2020-01-15
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress …
- CVE-2020-1625 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-04-08
The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memor…
- CVE-2020-1651 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-07-17
On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously send…
- CVE-2020-1678 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-10-16
On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could…
- CVE-2020-1683 | HIGH | CVSS 7.5 | EG 7.5 | 2020-10-16
On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection …
- CVE-2020-16949 | MEDIUM | CVSS 4.7 | EG 4.7 | 2020-10-16
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against…
- CVE-2020-1815 | HIGH | CVSS 7.5 | EG 7.5 | 2020-02-18
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does no…
- CVE-2020-1883 | MEDIUM | CVSS 4.9 | EG 4.9 | 2020-06-05
Huawei products NIP6800; Secospace USG6600; USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability …
- CVE-2020-19724 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-08-22
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via a crafted command.
- CVE-2020-20451 | HIGH | CVSS 7.5 | EG 7.5 | 2021-05-25
Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.
- CVE-2020-20665 | HIGH | CVSS 7.5 | EG 7.5 | 2021-09-30
rudp v0.6 was discovered to contain a memory leak in the component main.c.
- CVE-2020-21490 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-08-22
An issue was discovered in GNU Binutils 2.34. It is a memory leak when processing microblaze-dis.c. This one will consume memory on each insn disassembled.
- CVE-2020-21839 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-05-17
An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to a memory leak in dwg_decode_eed ../../src/decode.c:3638.
- CVE-2020-22037 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-01
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
- CVE-2020-22038 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-01
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.
- CVE-2020-22039 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-01
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.
- CVE-2020-22040 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-01
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the v_frame_alloc function in frame.c.
- CVE-2020-22041 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-01
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.
- CVE-2020-22042 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-01
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the link_filter_inouts function in libavfilter/graphparser.c.
- CVE-2020-22043 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-01
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.
- CVE-2020-22044 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-01
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.
- CVE-2020-22046 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-02
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
- CVE-2020-22048 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-02
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
- CVE-2020-22049 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-02
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
- CVE-2020-22051 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-02
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.
- CVE-2020-22054 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-02
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.