CWE-401: Missing Release of Memory after Effective Lifetime
ID
CWE-401
Abstraction
Variant
Structure
Simple
Status
Draft
Number of CVEs
669
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | Memory leaks have two common and sometimes overlapping causes: Error conditions and other exceptional circumstances Confusion over which part of the program is responsible for freeing the memory |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | C | ||
| Language | C++ |
Relationships
| View | Weakness | |||||||
|---|---|---|---|---|---|---|---|---|
| # ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
| CWE-1000 | Research Concepts | Draft | CWE-772 | Missing Release of Resource after Effective Lifetime | Base | Simple | Draft | |
| CWE-1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities | Incomplete | CWE-404 | Improper Resource Shutdown or Release | Class | Simple | Draft | |
| CWE-1305 | CISQ Quality Measures (2020) | Incomplete | CWE-404 | Improper Resource Shutdown or Release | Class | Simple | Draft | |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...