Variant · Draft

CWE-401: Missing Release of Memory after Effective Lifetime

Category: memory

Description

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Common consequences · 2

  • Availability — DoS: Crash, Exit, or Restart, DoS: Instability, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
    Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a low memory condition.
  • Other — Reduce Performance

Potential mitigations · 3

  • [Implementation]
  • [Architecture and Design] Use an abstraction library to abstract away risky APIs. Not a complete solution.
  • [Architecture and Design, Build and Compilation] Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

References

  1. https://cwe.mitre.org/data/definitions/401.html

(incoming) · 5

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-20133 (cve-2025-20133) | 0% | live |
| Vulnerability | CVE-2025-20239 (cve-2025-20239) | 0% | live |
| Vulnerability | CVE-2025-29828 (cve-2025-29828) | 0% | live |
| Vulnerability | CVE-2026-20012 (cve-2026-20012) | 0% | live |
| KEVEntry | Arm Mali GPU Kernel Driver Information Disclosure Vulnerability (kev-cve-2023-26083) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Missing Release of Resource after Effective Lifetime
  • CWE: Improper Resource Shutdown or Release
  • CWE: Missing Reference to Active Allocated Resource
  • CWE: Incomplete Cleanup
  • CWE: Improperly Controlled Sequential Memory Allocation
  • CWE: Mismatched Memory Management Routines

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.