
CWE-401 Improper Release of Memory Before Removing Last Reference (Memory Leak): vulnerability list (220 entries)

A summary of the 220 CVE vulnerabilities in the CWE-401 Improper Release of Memory Before Removing Last Reference (Memory Leak) weakness class, with AI-generated Chinese analysis.

CWE-401 is a memory-management weakness: the program fails to release memory correctly once it has finished using it, so the resource can never be reclaimed. An attacker typically exploits the defect by repeatedly triggering the leaking allocation to exhaust system resources, causing a denial of service or a program crash. To avoid this class of problem, developers must ensure that the release function is called when a memory object's lifetime ends, use smart pointers or automatic memory-management tools, and strictly track the allocated/released state of every block.

MITRE CWE official description
CWE: CWE-401 Missing Release of Memory after Effective Lifetime. English: The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Common consequences (2)
Availability: DoS: Crash, Exit, or Restart; DoS: Instability; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)
Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a l…
Other: Reduce Performance
Mitigations (3)
Implementation: Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer…
Architecture and Design: Use an abstraction library to abstract away risky APIs. Not a complete solution.
Architecture and Design, Build and Compilation: Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
Effectiveness: Moderate
Code example (1)
The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:

```c
#include <stdlib.h>
#include <unistd.h>

#define BLOCK_SIZE 4096   /* assumed value; the CWE entry does not define it */

char *getBlock(int fd) {
    char *buf = (char *) malloc(BLOCK_SIZE);
    if (!buf) {
        return NULL;
    }
    if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
        return NULL;      /* buf is the only reference and is never freed: CWE-401 */
    }
    return buf;
}
```

Bad · C
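The hardened form of the function above, added here as an example that is not part of the CWE entry or of this platform's content: every exit path after malloc() releases the buffer, and a short read() is retried rather than treated as fatal, since pipes and sockets legitimately return fewer bytes than requested. BLOCK_SIZE, getBlockFixed, feed_and_fetch and the two self-check helpers are names assumed for this example; the pipe-fed input is constructed so the code runs offline.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define BLOCK_SIZE 16   /* assumed value; the CWE entry does not define it */

/* Hardened getBlock (name assumed): the only pointer to buf is released on
 * every failure path, so no block is orphaned. A short read() is retried,
 * because pipes and sockets legitimately return fewer bytes than asked. */
char *getBlockFixed(int fd) {
    char *buf = malloc(BLOCK_SIZE);
    if (!buf) {
        return NULL;                 /* nothing allocated, nothing to free */
    }
    size_t got = 0;
    while (got < BLOCK_SIZE) {
        ssize_t n = read(fd, buf + got, BLOCK_SIZE - got);
        if (n < 0 && errno == EINTR) {
            continue;                /* interrupted by a signal: try again */
        }
        if (n <= 0) {
            free(buf);               /* the release the original omits */
            return NULL;             /* error or EOF before a full block */
        }
        got += (size_t)n;
    }
    return buf;                      /* caller now owns buf and must free it */
}

/* Constructed input: push nbytes of 'A' through a pipe, close the write end
 * so the reader sees EOF, then call getBlockFixed on the read end.
 * Returns 1 if the fixture itself worked, 0 on a fixture failure. */
static int feed_and_fetch(size_t nbytes, char **out) {
    int p[2];
    char data[BLOCK_SIZE];
    if (pipe(p) != 0) {
        return 0;
    }
    memset(data, 'A', sizeof data);
    if (nbytes > 0 && write(p[1], data, nbytes) != (ssize_t)nbytes) {
        close(p[0]);
        close(p[1]);
        return 0;
    }
    close(p[1]);
    *out = getBlockFixed(p[0]);
    close(p[0]);
    return 1;
}

/* Short input (half a block, then EOF): the function must report failure
 * and must have freed its buffer. Returns 1 on the expected outcome. */
int short_read_returns_null(void) {
    char *blk = NULL;
    if (!feed_and_fetch(BLOCK_SIZE / 2, &blk)) {
        return 0;
    }
    int ok = (blk == NULL);
    free(blk);                       /* free(NULL) is a no-op */
    return ok;
}

/* Full input: the function must hand back a complete block that the
 * caller then releases. Returns 1 on the expected outcome. */
int full_read_returns_block(void) {
    char *blk = NULL;
    if (!feed_and_fetch(BLOCK_SIZE, &blk)) {
        return 0;
    }
    int ok = (blk != NULL && blk[0] == 'A' && blk[BLOCK_SIZE - 1] == 'A');
    free(blk);
    return ok;
}

int main(void) {
    printf("short read -> NULL, buffer freed: %s\n",
           short_read_returns_null() ? "ok" : "FAIL");
    printf("full read  -> complete block:     %s\n",
           full_read_returns_block() ? "ok" : "FAIL");
    return 0;
}
```

Building this with -fsanitize=address (which enables LeakSanitizer on Linux) or running it under Valgrind is the practical check: the original getBlock driven through the same short-read fixture is reported as leaking one block per call, while getBlockFixed produces no report. The retry loop is the caveat worth keeping in mind when reviewing similar code: a single read() that returns less than BLOCK_SIZE is not by itself an error on a pipe or socket, so treating it as one both leaks (in the original) and discards valid data.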
| CVE ID | Title | CVSS | Risk level | Published |
| --- | --- | --- | --- | --- |
| CVE-2020-25689 | Red Hat Wildfly resource management error vulnerability — wildfly-core | 5.3 | Medium | 2020-10-30 |
| CVE-2020-1683 | Juniper Networks Junos OS security vulnerability — Junos OS | 7.5 | High | 2020-10-16 |
| CVE-2020-11637 | B&R Automation Runtime security vulnerability — Automation Runtime | 5.8 | Medium | 2020-10-15 |
| CVE-2020-25644 | OpenSSL resource management error vulnerability — wildfly-openssl | 7.5 | - | 2020-10-06 |
| CVE-2020-8916 | Openthread wpantund security vulnerability — wpantund | 5.0 | Medium | 2020-07-07 |
| CVE-2019-14818 | DPDK security vulnerability — dpdk | 7.5 | - | 2019-11-14 |
| CVE-2019-5023 | PaX and grsecurity security vulnerability — PaX | 9.1 | - | 2019-10-31 |
| CVE-2019-3815 | Red Hat Enterprise Linux resource management error vulnerability — systemd | 3.3 | - | 2019-01-28 |
| CVE-2017-7654 | Eclipse Mosquitto security vulnerability — Eclipse Mosquitto | 7.5 | - | 2018-06-05 |
| CVE-2017-15094 | PowerDNS Recursor security vulnerability — PowerDNS Recursor | 5.9 | - | 2018-01-23 |

CWE-401 (Improper Release of Memory Before Removing Last Reference (Memory Leak)) is a common weakness class; this platform has collected 220 CVE vulnerabilities associated with it.