
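CWE-401 Improper Release of Memory Before Removing Last Reference (Memory Leak): vulnerability list (220)

Summary of 220 CVEs in the weakness class CWE-401 Improper Release of Memory Before Removing Last Reference (Memory Leak), including AI analysis in Chinese.

CWE-401 is a memory-management weakness: the program does not correctly release memory once it has finished using it, so the resource cannot be reclaimed. Attackers typically exploit this flaw by repeatedly triggering allocations until system resources are exhausted, which causes denial of service or crashes the program. To avoid it, developers should make sure the release function is called when the memory's lifetime ends, use smart pointers or automatic memory management tools, and strictly track allocation and release state to prevent leaks.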

MITRE CWE official description
CWE: CWE-401 Missing Release of Memory after Effective Lifetime
English description: The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Common consequences (2)
Availability: DoS: Crash, Exit, or Restart; DoS: Instability; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)
Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a l…
Other: Reduce Performance
Mitigations (3)
Implementation: Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer…
Architecture and Design: Use an abstraction library to abstract away risky APIs. Not a complete solution.
Architecture and Design, Build and Compilation: Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
Effectiveness: Moderate
Code example (1)
The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:
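#include <stdlib.h>   /* malloc */
#include <unistd.h>   /* read */

#define BLOCK_SIZE 4096  /* assumed value; the page does not define BLOCK_SIZE */

char* getBlock(int fd) {
    char* buf = (char*) malloc(BLOCK_SIZE);
    if (!buf) {
        return NULL;
    }
    if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
        /* leak: buf is never freed on this path */
        return NULL;
    }
    return buf;
}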
Bad · C
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-6299 | iText security vulnerability - iText | 4.3 | Medium | 2023-11-26 |
| CVE-2023-5954 | HashiCorp Vault security vulnerability - Vault | 5.9 | Medium | 2023-11-09 |
| CVE-2023-43076 | Dell PowerScale OneFS security vulnerability - PowerScale OneFS | 6.5 | Medium | 2023-11-02 |
| CVE-2023-5349 | RMagick security vulnerability - rmagick | 5.3 | Medium | 2023-10-30 |
| CVE-2023-44193 | Juniper Networks Junos OS security vulnerability - Junos OS | 5.5 | Medium | 2023-10-12 |
| CVE-2023-22392 | Juniper Networks Junos OS security vulnerability - Junos OS | 6.5 | Medium | 2023-10-12 |
| CVE-2023-40534 | F5 BIG-IP security vulnerability - BIG-IP | 7.5 | High | 2023-10-10 |
| CVE-2022-4132 | Apache Tomcat security vulnerability - jss | 5.9 | Medium | 2023-10-04 |
| CVE-2023-3592 | Eclipse Mosquitto security vulnerability - Mosquitto | 5.8 | Medium | 2023-10-02 |
| CVE-2023-20251 | Cisco Wireless LAN Controller buffer error vulnerability - Cisco Wireless LAN Controller (WLC) | 6.1 | Medium | 2023-09-27 |
| CVE-2023-5156 | GNU C Library security vulnerability - Red Hat Enterprise Linux 6 | 7.5 | High | 2023-09-25 |
| CVE-2023-4513 | Wireshark security vulnerability - Wireshark | 5.3 | Medium | 2023-08-24 |
| CVE-2023-32247 | Linux kernel security vulnerability - kernel | 7.5 | High | 2023-07-24 |
| CVE-2023-34450 | CometBFT security vulnerability - cometbft | 3.7 | Low | 2023-07-03 |
| CVE-2023-34451 | CometBFT security vulnerability - cometbft | 8.2 | High | 2023-07-03 |
| CVE-2023-2683 | Silicon Labs EFR32 resource management error vulnerability - Bluetooth SDK | 5.3 | Medium | 2023-06-15 |
| CVE-2023-2602 | libcap security vulnerability - libcap | 7.5 | - | 2023-06-06 |
| CVE-2023-2618 | OpenCV security vulnerability - wechat_qrcode Module | 5.3 | Medium | 2023-05-10 |
| CVE-2023-29163 | F5 BIG-IP security vulnerability - BIG-IP | 7.5 | High | 2023-05-03 |
| CVE-2023-21666 | Qualcomm chip security vulnerability - Snapdragon | 8.4 | High | 2023-05-02 |
| CVE-2023-28982 | Juniper Networks Junos OS security vulnerability - Junos OS | 7.5 | High | 2023-04-17 |
| CVE-2023-24511 | Arista Networks Extensible Operating System security vulnerability - EOS | 5.3 | Medium | 2023-04-12 |
| CVE-2023-1074 | Linux kernel security vulnerability - kernel | 5.5 | - | 2023-03-27 |
| CVE-2023-28096 | OpenSIPS security vulnerability - opensips | 4.5 | Medium | 2023-03-15 |
| CVE-2023-25566 | GSS-NTLMSSP security vulnerability - gss-ntlmssp | 7.5 | High | 2023-02-14 |
| CVE-2023-22395 | Juniper Networks Junos OS security vulnerability - Junos OS | 6.5 | Medium | 2023-01-12 |
| CVE-2023-22406 | Juniper Networks Junos OS security vulnerability - Junos OS | 6.5 | Medium | 2023-01-12 |
| CVE-2023-22410 | Juniper Networks Junos OS security vulnerability - Junos OS | 7.5 | High | 2023-01-12 |
| CVE-2023-22414 | Juniper Networks Junos OS and Juniper Networks Junos OS PTX security vulnerability - Junos OS | 6.5 | Medium | 2023-01-12 |
| CVE-2023-22417 | Juniper Networks Junos OS security vulnerability - Junos OS | 7.5 | High | 2023-01-12 |

CWE-401 (Improper Release of Memory Before Removing Last Reference (Memory Leak)) is a common weakness category; this platform lists 220 CVEs associated with it.