CWE-401 - Missing Release of Memory after Effective Lifetime

  • 摘要:Variant
  • 结构:Simple
  • 状态:Draft
  • 发布日期:2006-07-19
  • 更新日期:2026-04-30

名称

Missing Release of Memory after Effective Lifetime

描述

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

常见后果

范围:Availability

影响:DoS: Crash, Exit, or Restart, DoS: Instability, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)

注释:Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a low memory condition.

范围:Other

影响:Reduce Performance

相关 CWE

CWE-404Improper Resource Shutdown or ReleaseMedium

CWE-772Missing Release of Resource after Effective LifetimeHigh