CWE-401: Missing Release of Memory after Effective Lifetime — known CVE vulnerabilities
CVEs classified under CWE-401 (Missing Release of Memory after Effective Lifetime), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2022-0742 — CVSS 9.1 (critical): Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6…
CVE-2024-25450 — CVSS 8.8 (high): imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
CVE-2023-33718 — CVSS 8.8 (high): mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp
CVE-2021-40633 — CVSS 8.8 (high): A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or…
CVE-2021-3492 — CVSS 8.8 (high): Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during…
CVE-2019-17340 — CVSS 8.8 (high): An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because…
CVE-2019-6128 — CVSS 8.8 (high): The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVE-2026-0646: A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This…
CVE-2025-14027: Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs…
CVE-2026-20012 — CVSS 8.6 (high): A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall…
CVE-2025-20239 — CVSS 8.6 (high): A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive…
CVE-2025-20133 — CVSS 8.6 (high): A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure…
CVE-2024-20304 — CVSS 8.6 (high): A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote…
CVE-2021-34792 — CVSS 8.6 (high): A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software…
CVE-2021-41145 — CVSS 8.6 (high): FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software…
CVE-2021-34698 — CVSS 8.6 (high): A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote…
CVE-2021-1387 — CVSS 8.6 (high): A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service…
CVE-2021-1313 — CVSS 8.6 (high): Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker…
CVE-2020-3572 — CVSS 8.6 (high): A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)…
CVE-2020-3373 — CVSS 8.6 (high): A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat…
CVE-2020-3203 — CVSS 8.6 (high): A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that…
CVE-2020-3189 — CVSS 8.6 (high): A vulnerability in the VPN System Logging functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated…
CVE-2020-1603 — CVSS 8.6 (high): Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be…
CVE-2019-1708 — CVSS 8.6 (high): A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security…
CVE-2018-15377 — CVSS 8.6 (high): A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and…
CVE-2026-23172 — CVSS 8.4 (high): In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: fix potential skb->frags overflow in RX path When…
CVE-2023-34451 — CVSS 8.2 (high): CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The…
CVE-2022-1012 — CVSS 8.2 (high): A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This…
CVE-2025-29828 — CVSS 8.1 (high): Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a…
CVE-2023-41484 — CVSS 8.1 (high): An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file.
CVE-2020-15254 — CVSS 8.1 (high): Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes…
CVE-2026-46201 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() When…
CVE-2026-46178 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq() Sashiko…
CVE-2026-46065 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct…
CVE-2026-43074 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain…
CVE-2026-23444 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure…
CVE-2026-23350 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue…
CVE-2025-47397 — CVSS 7.8 (high): Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
CVE-2025-39963 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: io_uring: fix incorrect io_kiocb reference in io_link_skb In…
CVE-2023-53577 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The…
CVE-2024-56775 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why] The mechanism to…
CVE-2024-56669 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove cache tags before disabling ATS The current…
CVE-2024-44964 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The…
CVE-2023-52711 — CVSS 7.8 (high): Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put…
CVE-2024-26734 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: devlink: fix possible use-after-free and memory leaks in devlink_init()…
CVE-2021-31240 — CVSS 7.8 (high): An issue found in libming v.0.4.8 allows a local attacker to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c…
CVE-2022-4139 — CVSS 7.8 (high): An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or…
CVE-2023-23145 — CVSS 7.8 (high): GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.