Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

CVEs (1,736)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-42523 1Colord Project 1Colord Nov 21, 2024 Aug 25, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing aft...Show more There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.Show less
CVE-2021-42522 1Gnome 1Anjuta Nov 21, 2024 Aug 25, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return...Show more There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'.Show less
CVE-2021-4213 3Debian DogtagpkiRedhat 3Debian Linux Enterprise LinuxNetwork Security Services For Java Nov 21, 2024 Aug 24, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an...Show more A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.Show less
CVE-2021-3905 4Canonical FedoraprojectOpenvswitch+1 more 4Enterprise Linux Fast Datapath FedoraOpenvswitch+1 more Nov 21, 2024 Aug 23, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
CVE-2021-3764 1Linux 1Linux Kernel Nov 21, 2024 Aug 23, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from th...Show more A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.Show less
CVE-2021-3736 1Linux 1Linux Kernel Nov 21, 2024 Aug 23, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal...Show more A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.Show less
CVE-2021-3690 1Redhat 7Fuse Integration Camel KIntegration Camel Quarkus+4 more Nov 21, 2024 Aug 23, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is a...Show more A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.Show less
CVE-2022-36152 1Monostream 1Tifig Nov 21, 2024 Aug 16, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp.
CVE-2022-35433 1Ffjpeg Project 1Ffjpeg Nov 21, 2024 Aug 16, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.
CVE-2022-35110 1Swftools 1Swftools Nov 21, 2024 Aug 16, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.
CVE-2021-33646 3Fedoraproject FeepOpenatom 3Fedora LibtarOpeneuler Nov 3, 2025 Aug 10, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
CVE-2021-33645 3Fedoraproject FeepOpenatom 3Fedora LibtarOpeneuler Nov 3, 2025 Aug 10, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
CVE-2022-1012 1Linux 1Linux Kernel Nov 21, 2024 Aug 5, 2022 N/A· v4 8.2 HIGH· v3 N/A· v2 A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service pro...Show more A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.Show less
CVE-2022-35858 1Samsung 1Mtower Nov 21, 2024 Aug 4, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE...Show more The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.Show less
CVE-2022-1651 1Linux 1Linux Kernel Nov 21, 2024 Jul 26, 2022 N/A· v4 7.1 HIGH· v3 N/A· v2 A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak un...Show more A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.Show less
CVE-2021-33452 1Nasm 1Netwide Assembler Nov 21, 2024 Jul 26, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.
CVE-2021-33451 1Long Range Zip Project 1Long Range Zip Nov 21, 2024 Jul 26, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c.
CVE-2021-33450 1Nasm 1Netwide Assembler Nov 21, 2024 Jul 26, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.
CVE-2021-33437 1Cesanta 1Mjs Nov 21, 2024 Jul 26, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c.
CVE-2022-22209 1Juniper 1Junos Nov 21, 2024 Jul 20, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, t...Show more A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn leading to RIB and PFEs getting out of sync. The memory leak causes RTNEXTHOP/route and next-hop memory pressure issue and the KRT queue will eventually get stuck with the error- 'ENOMEM -- Cannot allocate memory'. The out-of-sync state between RIB and FIB can be seen with the "show route" and "show route forwarding-table" command. This issue will lead to failures for adding new routes. The KRT queue status can be checked using the CLI command "show krt queue": user@host > show krt state High-priority add queue: 1 queued ADD nhtype Router index 0 (31212) error 'ENOMEM -- Cannot allocate memory' kqp '0x8ad5e40' The following messages will be observed in /var/log/messages, which indicate high memory for routes/nexthops: host rpd[16279]: RPD_RT_HWM_NOTICE: New RIB highwatermark for routes: 266 [2022-03-04 05:06:07] host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host kernel: rts_veto_net_delayed_unref_limit: Route/nexthop memory is severe pressure. User Application to perform recovery actions. O p 8 err 12, rtsm_id 0:-1, msg type 10, veto simulation: 0. host kernel: rts_veto_net_delayed_unref_limit: Memory usage of M_RTNEXTHOP type = (806321208) Max size possible for M_RTNEXTHOP type = (689432176) Current delayed unref = (0), Max delayed unref on this platform = (120000) Current delayed weight unref = (0) Max delayed weight unref on this platform = (400000) curproc = rpd. This issue affects: Juniper Networks Junos OS 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2-S1, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 21.2R1.Show less

Previous 1...666768...87 Next