Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

CVEs (1,736)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-22205 1Juniper 1Junos Nov 21, 2024 Jul 20, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe) subsystem of the PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network based...Show more A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe) subsystem of the PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). Upon receiving specific traffic a memory leak will occur. Sustained processing of such specific traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. A device is only vulnerable when advance(d) policy based routing (APBR) is configured and AppQoE (sla rule) is not configured for these APBR rules. This issue affects Juniper Networks Junos OS on SRX Series: 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.3R1.Show less
CVE-2022-22204 1Juniper 1Junos Nov 21, 2024 Jul 20, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS allows unauthenticated network-based attack...Show more An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS allows unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On all MX and SRX platforms, if the SIP ALG is enabled, receipt of a specific SIP packet will create a stale SIP entry. Sustained receipt of such packets will cause the SIP call table to eventually fill up and cause a DoS for all SIP traffic. The SIP call usage can be monitored by "show security alg sip calls". To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX with: user@host> show security alg status \| match sip SIP : Enabled Please verify on MX whether the following is configured: [ services ... rule <rule-name> (term <term-name>) from/match application/application-set <name> ] where either a. name = junos-sip or an application or application-set refers to SIP: b. [ applications application <name> application-protocol sip ] or c. [ applications application-set <name> application junos-sip ] This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R2-S2; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. Juniper SIRT is not aware of any malicious exploitation of this vulnerability.Show less
CVE-2021-4135 1Linux 1Linux Kernel Nov 21, 2024 Jul 14, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could...Show more A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.Show less
CVE-2022-26365 4Debian FedoraprojectLinux+1 more 4Debian Linux FedoraLinux Kernel+1 more Nov 21, 2024 Jul 5, 2022 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero...Show more Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).Show less
CVE-2021-41690 1Offis 1Dcmtk Nov 3, 2025 Jun 28, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb pr...Show more DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.Show less
CVE-2021-41687 1Offis 1Dcmtk Nov 3, 2025 Jun 28, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory l...Show more DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.Show less
CVE-2022-33105 1Redis 1Redis Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.
CVE-2021-41490 1Rice 1Open Motion Planning Library Nov 21, 2024 Jun 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior.
CVE-2021-40633 1Giflib Project 1Giflib Nov 21, 2024 Jun 14, 2022 N/A· v4 8.8 HIGH· v3 5.1 MEDIUM· v2 A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.
CVE-2021-35078 1Qualcomm 107Aqt1000 Firmware Ar8035 FirmwareCsrb31024 Firmware+104 more Nov 21, 2024 Jun 14, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indu...Show more Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon WearablesShow less
CVE-2018-17240 1Netwavepr 2Indoor Ip Camera Firmware Outdoor Ip Camera Firmware Nov 21, 2024 Jun 10, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password).
CVE-2022-29693 1Unicorn Engine 1Unicorn Engine Nov 21, 2024 Jun 2, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.
CVE-2021-42197 1Swftools 1Swftools Nov 21, 2024 Jun 2, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution.
CVE-2022-29932 1Primeur 1Spazio Nov 21, 2024 May 11, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request.
CVE-2022-20785 4Cisco ClamavDebian+1 more 4Clamav Debian LinuxFedora+1 more Nov 21, 2024 May 4, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0....Show more On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.Show less
CVE-2022-28487 2Broadcom Fedoraproject 2Fedora Tcpreplay Nov 21, 2024 May 4, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-42218 1Rice 1Open Motion Planning Library Nov 21, 2024 May 3, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 OMPL v1.5.2 contains a memory leak in VFRRT.cpp
CVE-2021-41959 1Jerryscript 1Jerryscript Nov 21, 2024 May 3, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.
CVE-2022-1515 1Matio Project 1Matio Nov 21, 2024 May 2, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. This issue can potentially result in DoS.
CVE-2022-23159 1Dell 1Emc Powerscale Onefs Nov 21, 2024 Apr 12, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS...Show more Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity.Show less

Previous 1...676869...87 Next