Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

CVEs (1,736)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-47941 1Linux 1Linux Kernel Apr 15, 2025 Dec 23, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.
CVE-2022-23471 1Linuxfoundation 1Containerd Nov 21, 2024 Dec 7, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize...Show more containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.Show less
CVE-2022-43272 1Offis 1Dcmtk Nov 3, 2025 Dec 2, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
CVE-2022-45204 1Gpac 1Gpac Apr 25, 2025 Nov 29, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.
CVE-2021-46854 1Proftpd 1Proftpd Apr 28, 2025 Nov 23, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.
CVE-2022-3957 1Gpac 1Gpac Nov 21, 2024 Nov 11, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulat...Show more A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.Show less
CVE-2022-29515 1Intel 1Server Platform Services Firmware Feb 5, 2025 Nov 11, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2021-26393 1Amd 67Amd 3015ce Firmware Amd 3015e FirmwareAmd 3020e Firmware+64 more Nov 21, 2024 Nov 9, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of t...Show more Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.Show less
CVE-2022-43255 1Gpac 1Gpac May 2, 2025 Nov 2, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.
CVE-2022-43254 1Gpac 1Gpac May 2, 2025 Nov 2, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.
CVE-2022-3812 1Axiosys 1Bento4 Nov 21, 2024 Nov 1, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory l...Show more A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212678 is the identifier assigned to this vulnerability.Show less
CVE-2022-43223 1Open5gs 1Open5gs May 2, 2025 Nov 1, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment.
CVE-2022-43222 1Open5gs 1Open5gs May 2, 2025 Nov 1, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.
CVE-2022-43221 1Open5gs 1Open5gs May 2, 2025 Nov 1, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.
CVE-2022-42326 3Debian FedoraprojectXen 3Debian Linux FedoraXen May 5, 2025 Nov 1, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has b...Show more Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.Show less
CVE-2022-42325 3Debian FedoraprojectXen 3Debian Linux FedoraXen Nov 21, 2024 Nov 1, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has b...Show more Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.Show less
CVE-2022-42323 3Debian FedoraprojectXen 3Debian Linux FedoraXen Nov 21, 2024 Nov 1, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322...Show more Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota.Show less
CVE-2022-42322 3Debian FedoraprojectXen 3Debian Linux FedoraXen Nov 21, 2024 Nov 1, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322...Show more Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota.Show less
CVE-2022-42319 3Debian FedoraprojectXen 3Debian Linux FedoraXen Nov 21, 2024 Nov 1, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the reque...Show more Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored.Show less
CVE-2022-43151 1Hzeller 1Timg May 6, 2025 Oct 31, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc.

Previous 1...636465...87 Next