CWE-401β€”Missing Release of Memory after Effective Lifetime

PUBLISHEDweakness recordMedium
released 2006-07-19 Β· last modified 2026-04-30
CWE-401 - Missing Release of Memory after Effective Lifetime - Diagram

Metadata

CWE ID:
CWE-401
Abstraction:
Variant
Structure:
Simple
Status:
Draft
Release Date:
2006-07-19
Latest Modification Date:
2026-04-30

Weakness Name

Missing Release of Memory after Effective Lifetime

Description

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Common Consequences

Scope:
Availability
Impact:
DoS: Crash, Exit, or Restart, DoS: Instability, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Notes:
Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a low memory condition.
Scope:
Other
Impact:
Reduce Performance

Related Weaknesses