CWE • Variant • Draft • 20 recent CVEs
CWE-401: Missing Release of Memory after Effective Lifetime
Description
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Common consequences
- Availability → DoS: Crash, Exit, or Restart; DoS: Instability; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory). Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advan
- Other → Reduce Performance
Potential mitigations
- Architecture and Design: Use an abstraction library to abstract away risky APIs. Not a complete solution.
- Architecture and Design, Build and Compilation: Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
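An added C example, not part of the CWE entry, of the leak described above and its memory-exhaustion consequence: a handler that skips the release on its rejection path, beside a version with a single release point. The fixed-size pool, the handler names and the record format are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed fixed-size pool standing in for a bounded heap. */
#define SLOTS 8
#define SLOT_SIZE 64
static char pool[SLOTS][SLOT_SIZE];
static int in_use[SLOTS];

static char *pool_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;                          /* pool exhausted */
}

static void pool_free(char *p) {
    for (int i = 0; i < SLOTS; i++)
        if (p == pool[i]) in_use[i] = 0;
}
void pool_reset(void) { memset(in_use, 0, sizeof in_use); }

/* Hypothetical handler: 0 = handled, -1 = rejected, -2 = out of memory. */
int handle_record_leaky(const char *rec) {
    char *copy = pool_alloc();
    if (!copy) return -2;
    snprintf(copy, SLOT_SIZE, "%s", rec);
    if (!strchr(copy, ':'))
        return -1;                        /* CWE-401: rejection path never frees copy */
    pool_free(copy);
    return 0;
}

/* Same handler with one release point that every outcome passes through. */
int handle_record_fixed(const char *rec) {
    char *copy = pool_alloc();
    if (!copy) return -2;
    snprintf(copy, SLOT_SIZE, "%s", rec);
    int rc = strchr(copy, ':') ? 0 : -1;
    pool_free(copy);
    return rc;
}

/* Sends n malformed records, then one valid record; returns the valid one's result. */
int valid_result_after(int (*handler)(const char *), int n) {
    pool_reset();
    for (int i = 0; i < n; i++)
        handler("malformed-record");      /* constructed input, no ':' */
    return handler("key:value");
}
```

With the leaky handler, eight rejected records are enough to make a well-formed record fail with the out-of-memory result; the fixed handler keeps serving it regardless of how many malformed records precede it.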
Recent CVEs classified under this CWE
- CVE-2026-45682 • 5.1 • 2026-06-02
- CVE-2026-47326 • 5.5 • 2026-05-28
- CVE-2026-44660 • 7.5 • 2026-05-27
- CVE-2026-9572 • 3.3 • 2026-05-26
- CVE-2026-35424 • 7.5 • 2026-05-12
- CVE-2026-43457 • 5.5 • 2026-05-08
- CVE-2026-43451 • 5.5 • 2026-05-08
- CVE-2026-43445 • 5.5 • 2026-05-08
- CVE-2026-43432 • 5.5 • 2026-05-08
- CVE-2026-43397 • 5.5 • 2026-05-08
- CVE-2026-43396 • 5.5 • 2026-05-08
- CVE-2026-43394 • 5.5 • 2026-05-08
- CVE-2026-43393 • 5.5 • 2026-05-08
- CVE-2026-43375 • 5.5 • 2026-05-08
- CVE-2026-43373 • 7.5 • 2026-05-08
- CVE-2026-43371 • 5.5 • 2026-05-08
- CVE-2026-43355 • 5.5 • 2026-05-08
- CVE-2026-43317 • 5.5 • 2026-05-08
- CVE-2026-43287 • 5.5 • 2026-05-08
- CVE-2026-43286 • 5.5 • 2026-05-08