Vulnerabilities > Improper Release of Memory Before Removing Last Reference ('Memory Leak')

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2024-24267 Memory Leak vulnerability in Gpac 2.2.1
gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
network
low complexity
gpac CWE-401
7.5
2024-01-26 CVE-2024-23820 Memory Leak vulnerability in Openfga
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3.
network
low complexity
openfga CWE-401
6.5
2024-01-19 CVE-2024-22563 Memory Leak vulnerability in Openvswitch 2.17.8
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.
network
low complexity
openvswitch CWE-401
7.5
2024-01-18 CVE-2023-51258 Memory Leak vulnerability in Tortall Yasm 1.3.0
A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.
local
low complexity
tortall CWE-401
5.5
2024-01-16 CVE-2023-4969 Memory Leak vulnerability in multiple products
A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
local
low complexity
khronos imaginationtech amd CWE-401
6.5
2024-01-12 CVE-2024-21599 Memory Leak vulnerability in Juniper Junos
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart. To monitor for this issue, please use the following FPC vty level commands: show heap shows an increase in "LAN buffer" utilization and show clksync ptp nbr-upd-info shows non-zero "Pending PFEs" counter. This issue affects Juniper Networks Junos OS on MX Series with MPC3E: * All versions earlier than 20.4R3-S3; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3; * 21.3 versions earlier than 21.3R2-S1, 21.3R3; * 21.4 versions earlier than 21.4R2; * 22.1 versions earlier than 22.1R2.
low complexity
juniper CWE-401
6.5
2024-01-12 CVE-2024-21611 Memory Leak vulnerability in Juniper Junos and Junos OS Evolved
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd. Thread level memory utilization for the areas where the leak occurs can be checked using the below command: user@host> show task memory detail | match so_in so_in6 28 32 344450 11022400 344760 11032320 so_in 8 16 1841629 29466064 1841734 29467744 This issue affects: Junos OS * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Junos OS Evolved * 21.4-EVO versions earlier than 21.4R3-EVO; * 22.1-EVO versions earlier than 22.1R3-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO. This issue does not affect: Juniper Networks Junos OS versions earlier than 21.4R1. Juniper Networks Junos OS Evolved versions earlier than 21.4R1.
network
low complexity
juniper CWE-401
7.5
2024-01-12 CVE-2024-21613 Memory Leak vulnerability in Juniper Junos and Junos OS Evolved
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed.
low complexity
juniper CWE-401
6.5
2024-01-02 CVE-2023-7192 Memory Leak vulnerability in multiple products
A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel.
local
low complexity
linux redhat CWE-401
4.4
2023-12-14 CVE-2023-0248 Memory Leak vulnerability in Johnsoncontrols Iosmart GEN 1 Firmware
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.
high complexity
johnsoncontrols CWE-401
5.3