Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

CVEs (1,736)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-38371 1Siemens 21Apogee Modular Building Controller Firmware Apogee Modular Equiment Controller FirmwareApogee Pxc Compact Firmware+18 more Apr 8, 2025 Oct 11, 2022 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APO...Show more A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC00-U (All versions >= V2.3 < V6.30.37), Desigo PXC001-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC100-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC12-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC128-U (All versions >= V2.3 < V6.30.37), Desigo PXC200-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC22-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC50-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC64-U (All versions >= V2.3 < V6.30.37), Desigo PXM20-E (All versions >= V2.3 < V6.30.37), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.Show less
CVE-2022-41556 2Fedoraproject Lighttpd 2Fedora Lighttpd Nov 21, 2024 Oct 6, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandli...Show more A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.Show less
CVE-2022-41427 1Axiosys 1Bento4 Nov 21, 2024 Oct 3, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux.
CVE-2022-41426 1Axiosys 1Bento4 Nov 21, 2024 Oct 3, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split.
CVE-2022-41424 1Axiosys 1Bento4 Nov 21, 2024 Oct 3, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls.
CVE-2022-41419 1Axiosys 1Bento4 Nov 21, 2024 Oct 3, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary.
CVE-2022-41847 1Axiosys 1Bento4 May 20, 2025 Sep 30, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream, char const, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.
CVE-2022-35894 1Insyde 1Insydeh2o May 5, 2025 Sep 22, 2022 N/A· v4 6.0 MEDIUM· v3 N/A· v2 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to...Show more An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.Show less
CVE-2022-38178 4Debian FedoraprojectIsc+1 more 4Active Iq Unified Manager BindDebian Linux+1 more May 28, 2025 Sep 21, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for l...Show more By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.Show less
CVE-2022-38177 4Debian FedoraprojectIsc+1 more 4Active Iq Unified Manager BindDebian Linux+1 more May 28, 2025 Sep 21, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for l...Show more By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.Show less
CVE-2022-2906 1Isc 1Bind May 28, 2025 Sep 21, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential...Show more An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.Show less
CVE-2022-35085 1Swftools 1Swftools May 27, 2025 Sep 21, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.
CVE-2022-39005 1Huawei 3Emui HarmonyosMagic Ui Nov 21, 2024 Sep 16, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.
CVE-2022-39004 1Huawei 3Emui HarmonyosMagic Ui Nov 21, 2024 Sep 16, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.
CVE-2022-38600 1Mplayerhq 1Mplayer Nov 21, 2024 Sep 15, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c.
CVE-2022-40439 1Axiosys 1Bento4 Nov 21, 2024 Sep 14, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file.
CVE-2022-31222 1Dell 25Chengming 3900 Firmware Inspiron 14 Plus 7420 FirmwareInspiron 16 Plus 7620 Firmware+22 more Nov 21, 2024 Sep 12, 2022 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order t...Show more Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash.Show less
CVE-2022-40281 1Samsung 1Tizenrt Nov 21, 2024 Sep 8, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.
CVE-2022-22067 1Qualcomm 59Ar8035 Firmware Qca6390 FirmwareQca6391 Firmware+56 more Nov 21, 2024 Sep 2, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
CVE-2021-3574 2Fedoraproject Imagemagick 2Fedora Imagemagick Nov 21, 2024 Aug 26, 2022 N/A· v4 3.3 LOW· v3 N/A· v2 A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.

Previous 1...656667...87 Next