CWE-401— Missing Release of Memory after Effective Lifetime (Memory Leak)
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.— MITRE CWE catalog
1,801 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-401page 31 of 37
- CVE-2025-5324LOWCVSS 3.3EG 3.32025-05-29
A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the library GPU-Z.sys of the component 0x8000645C IOCTL Handler. The manipulation leads to memory leak. …
- CVE-2025-53537HIGHCVSS 7.5EG 7.52025-07-23
LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To workarou…
- CVE-2025-54805MEDIUMCVSS 6.5EG 6.52025-10-15
When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions wh…
- CVE-2025-54939MEDIUMCVSS 5.3EG 5.32025-08-01
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
- CVE-2025-56226MEDIUMCVSS 5.3EG 5.32026-01-14
Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file.
- CVE-2025-56353HIGHCVSS 7.5EG 7.52026-01-20
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated sub…
- CVE-2025-60358MEDIUMCVSS 5.5EG 7.52025-10-16
radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.
- CVE-2025-60359MEDIUMCVSS 5.5EG 4.02025-10-17
radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.
- CVE-2025-60360MEDIUMCVSS 5.5EG 3.32025-10-17
radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.
- CVE-2025-60361LOWCVSS 3.3EG 2.82025-10-17
radare2 v5.9.8 and before contains a memory leak in the function bochs_open.
- CVE-2025-61146MEDIUMCVSS 4.0EG 4.02026-02-23
saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.
- CVE-2025-61974HIGHCVSS 7.5EG 7.52025-10-15
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-64329MEDIUMCVSS 5.5EG 5.52025-11-07
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust …
- CVE-2025-6498MEDIUMCVSS 5.5EG 3.32025-06-23
A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host…
- CVE-2025-66033MEDIUMCVSS 5.3EG 5.32025-12-10
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are…
- CVE-2025-7068MEDIUMCVSS 5.5EG 3.32025-07-04
A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploi…
- CVE-2025-71081MEDIUMCVSS 5.5EG 5.52026-01-13
In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the set_sync()…
- CVE-2025-71114CVSS 0.0EG 5.52026-01-14
In the Linux kernel, the following vulnerability has been resolved: via_wdt: fix critical boot hang due to unnamed resource allocation The VIA watchdog driver uses allocate_resource() to reserve a MMIO region for the watchdog control reg…
- CVE-2025-71146MEDIUMCVSS 5.5EG 5.52026-01-23
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return imme…
- CVE-2025-71147CVSS 0.0EG 5.52026-01-23
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Ad…
- CVE-2025-71151MEDIUMCVSS 5.5EG 5.52026-01-23
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without f…
- CVE-2025-71153MEDIUMCVSS 5.5EG 5.52026-01-23
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info() In get_file_all_info(), if vfs_getattr() fails, the function returns immediately without freeing the allocated filename, le…
- CVE-2025-71154CVSS 0.0EG 5.52026-01-23
In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usb_submit_urb() failure In async_set_registers(), when usb_submit_urb() fails, the allocated async_req structure and URB are not…
- CVE-2025-71163MEDIUMCVSS 5.5EG 5.52026-01-25
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind s…
- CVE-2025-71185MEDIUMCVSS 5.5EG 5.52026-01-31
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the crossbar platform device during am335x …
- CVE-2025-71186MEDIUMCVSS 5.5EG 5.52026-01-31
In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. …
- CVE-2025-71187MEDIUMCVSS 5.5EG 5.52026-01-31
In the Linux kernel, the following vulnerability has been resolved: dmaengine: sh: rz-dmac: fix device leak on probe failure Make sure to drop the reference taken when looking up the ICU device during probe also on probe failures (e.g. p…
- CVE-2025-71188MEDIUMCVSS 5.5EG 5.52026-01-31
In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation.…
- CVE-2025-71189MEDIUMCVSS 5.5EG 5.52026-01-31
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure to drop the reference taken to the DMA master OF node also on late route allocation failure…
- CVE-2025-71268MEDIUMCVSS 5.5EG 5.52026-03-18
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction, we return from __cow_file_range_inline(…
- CVE-2025-71272MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in most_register_interface error paths The function most_register_interface() did not correctly release resources if it failed early (befor…
- CVE-2025-71273MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() Simplify the code by using device managed memory allocations. This also fixes a memory leak in rtw_register_…
- CVE-2025-71287MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb probe on late probe failure (e.g. probe d…
- CVE-2025-71288MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leaks on common probe Make sure to drop the reference taken when looking up the SMI device during common probe on late probe failure (e.g. pr…
- CVE-2025-71290MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: misc: ti_fpc202: fix a potential memory leak in probe function Use for_each_child_of_node_scoped() to simplify the code and ensure the device node reference is automatic…
- CVE-2025-71312MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super() In ntfs_fill_super(), the fc->fs_private pointer is set to NULL without first freeing the memory it points to.…
- CVE-2025-8225LOWCVSS 3.3EG 3.32025-07-27
A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. At…
- CVE-2025-8277LOWCVSS 3.1EG 3.12025-09-09
A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This iss…
- CVE-2025-9165LOWCVSS 2.5EG 3.32025-08-19
A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attac…
- CVE-2026-0646HIGHCVSS 0.0EG 0.02026-06-16
A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory... A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This v…
- CVE-2026-10699HIGHCVSS 7.5EG 7.52026-07-08
Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before …
- CVE-2026-13474HIGHCVSS 7.5EG 7.52026-06-30
Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler
- CVE-2026-13593MEDIUMCVSS 6.5EG 6.52026-06-29
CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as comments and …
- CVE-2026-13698HIGHCVSS 7.5EG 7.52026-07-06
A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service
- CVE-2026-13708HIGHCVSS 7.5EG 7.52026-07-06
Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i_readjpeg_wiol. i_readjpeg_wiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffe…
- CVE-2026-1605HIGHCVSS 7.5EG 7.52026-03-05
In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed. This happe…
- CVE-2026-1757MEDIUMCVSS 6.2EG 6.22026-02-02
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of white…
- CVE-2026-20013MEDIUMCVSS 5.8EG 5.82026-03-04
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may also impact the availability o…
- CVE-2026-20014HIGHCVSS 7.7EG 7.72026-03-04
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may …
- CVE-2026-20015MEDIUMCVSS 5.8EG 5.82026-03-04
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may impact the availability of ser…
Map vulnerabilities like CWE-401 to your infrastructure
EchelonGraph correlates every CVE — across CWE-401 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →