CWE-401: Missing Release of Memory after Effective LifetimeWeakness ID: 401 Vulnerability Mapping:
ALLOWEDThis CWE ID may be used to map to real-world vulnerabilities Abstraction: VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
Description The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. Extended Description This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release. Alternate Terms Common Consequences This table specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.Scope | Impact | Likelihood |
---|
Availability
| Technical Impact: DoS: Crash, Exit, or Restart; DoS: Instability; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory) Most memory leaks result in general product reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a low memory condition. | | Other
| Technical Impact: Reduce Performance | |
Potential Mitigations
Phase: Implementation Strategy: Libraries or Frameworks Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [ REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost. |
Phase: Architecture and Design Use an abstraction library to abstract away risky APIs. Not a complete solution. |
Phases: Architecture and Design; Build and Compilation The Boehm-Demers-Weiser Garbage Collector or valgrind can be used to detect leaks in code. Note: This is not a complete solution as it is not 100% effective. |
Relationships This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore. Relevant to the view "Research Concepts" (CWE-1000) Nature | Type | ID | Name |
---|
ChildOf | Base - a weakness
that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 772 | Missing Release of Resource after Effective Lifetime | CanFollow | Base - a weakness
that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 390 | Detection of Error Condition Without Action |
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore. Relevant to the view "Weaknesses for Simplified Mapping of Published Vulnerabilities" (CWE-1003) Nature | Type | ID | Name |
---|
ChildOf | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. | 404 | Improper Resource Shutdown or Release |
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore. Relevant to the view "CISQ Quality Measures (2020)" (CWE-1305) Nature | Type | ID | Name |
---|
ChildOf | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. | 404 | Improper Resource Shutdown or Release |
Modes Of Introduction The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.Phase | Note |
---|
Implementation | Memory leaks have two common and sometimes overlapping causes: - Error conditions and other exceptional circumstances
- Confusion over which part of the program is responsible for freeing the memory
|
Likelihood Of Exploit Demonstrative Examples Example 1 The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes: (bad code) Example Language: C
char* getBlock(int fd) {
char* buf = (char*) malloc(BLOCK_SIZE); if (!buf) { return NULL; } if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) { } return buf;
}
Observed Examples Reference | Description |
| Memory leak because function does not free() an element of a data structure. |
| Memory leak when counter variable is not decremented. |
| chain: reference count is not decremented, leading to memory leak in OS by sending ICMP packets. |
| Kernel uses wrong function to release a data structure, preventing data from being properly tracked by other code. |
| Memory leak via unknown manipulations as part of protocol test suite. |
| Memory leak via a series of the same command. |
Weakness Ordinalities Ordinality | Description |
Resultant | (where the weakness is typically related to the presence of some other weaknesses) |
Detection Methods
Fuzzing Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues. |
Automated Static Analysis Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) |
Functional Areas Affected Resources Memberships This MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources. Vulnerability Mapping Notes Usage: ALLOWED (this CWE ID could be used to map to real-world vulnerabilities) | Reason: Acceptable-Use | Rationale: This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities. | Comments: Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction. |
Notes Relationship This is often a resultant weakness due to improper handling of malformed data or early termination of sessions. Terminology "memory leak" has sometimes been used to describe other kinds of issues, e.g. for information leaks in which the contents of memory are inadvertently leaked (CVE-2003-0400 is one such example of this terminology conflict). Taxonomy Mappings Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
PLOVER | | | Memory leak |
7 Pernicious Kingdoms | | | Memory Leak |
CLASP | | | Failure to deallocate data |
OWASP Top Ten 2004 | A9 | CWE More Specific | Denial of Service |
CERT C Secure Coding | MEM31-C | Exact | Free dynamically allocated memory when no longer needed |
The CERT Oracle Secure Coding Standard for Java (2011) | MSC04-J | | Do not leak memory |
Software Fault Patterns | SFP14 | | Failure to Release Resource |
OMG ASCPEM | ASCPEM-PRF-14 | | |
References
|
[REF-390] J. Whittaker and
H. Thompson. "How to Break Software Security". Addison Wesley. 2003.
|
|
[REF-959] Object Management Group (OMG). "Automated Source Code Performance Efficiency Measure (ASCPEM)". ASCPEM-PRF-14. 2016-01.
< https://www.omg.org/spec/ASCPEM/>. URL validated: 2023-04-07. |
Content History Submissions |
---|
Submission Date | Submitter | Organization |
---|
2006-07-19 (CWE Draft 3, 2006-07-19) | PLOVER | | | Modifications |
---|
Modification Date | Modifier | Organization |
---|
2008-07-01 | Eric Dalci | Cigital | updated Time_of_Introduction | 2008-08-01 | | KDM Analytics | added/updated white box definitions | 2008-08-15 | | Veracode | Suggested OWASP Top Ten 2004 mapping | 2008-09-08 | CWE Content Team | MITRE | updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, References, Relationship_Notes, Taxonomy_Mappings, Terminology_Notes | 2008-10-14 | CWE Content Team | MITRE | updated Description | 2009-03-10 | CWE Content Team | MITRE | updated Other_Notes | 2009-05-27 | CWE Content Team | MITRE | updated Name | 2009-07-17 | KDM Analytics | | Improved the White_Box_Definition | 2009-07-27 | CWE Content Team | MITRE | updated White_Box_Definitions | 2009-10-29 | CWE Content Team | MITRE | updated Modes_of_Introduction, Other_Notes | 2010-02-16 | CWE Content Team | MITRE | updated Relationships | 2010-06-21 | CWE Content Team | MITRE | updated Other_Notes, Potential_Mitigations | 2010-12-13 | CWE Content Team | MITRE | updated Demonstrative_Examples, Name | 2011-03-29 | CWE Content Team | MITRE | updated Alternate_Terms | 2011-06-01 | CWE Content Team | MITRE | updated Common_Consequences, Relationships, Taxonomy_Mappings | 2012-05-11 | CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | 2012-10-30 | CWE Content Team | MITRE | updated Potential_Mitigations | 2013-02-21 | CWE Content Team | MITRE | updated Observed_Examples | 2014-02-18 | CWE Content Team | MITRE | updated Potential_Mitigations, References | 2014-07-30 | CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | 2017-11-08 | CWE Content Team | MITRE | updated References, Relationships, Taxonomy_Mappings, White_Box_Definitions | 2019-01-03 | CWE Content Team | MITRE | updated Common_Consequences, Demonstrative_Examples, Name, References, Relationships, Taxonomy_Mappings, Type, Weakness_Ordinalities | 2019-06-20 | CWE Content Team | MITRE | updated Description, Name | 2020-02-24 | CWE Content Team | MITRE | updated References, Relationships, Taxonomy_Mappings | 2020-08-20 | CWE Content Team | MITRE | updated Relationships | 2021-03-15 | CWE Content Team | MITRE | updated Relationships | 2022-10-13 | CWE Content Team | MITRE | updated Taxonomy_Mappings | 2023-01-31 | CWE Content Team | MITRE | updated Common_Consequences, Description | 2023-04-27 | CWE Content Team | MITRE | updated Detection_Factors, References, Relationships, Time_of_Introduction | 2023-06-29 | CWE Content Team | MITRE | updated Mapping_Notes | Previous Entry Names |
---|
Change Date | Previous Entry Name |
---|
2008-04-11 | Memory Leak | | 2009-05-27 | Failure to Release Memory Before Removing Last Reference (aka 'Memory Leak') | | 2010-12-13 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') | | 2019-01-03 | Improper Release of Memory Before Removing Last Reference ('Memory Leak') | | 2019-06-20 | Improper Release of Memory Before Removing Last Reference | |
More information is available — Please edit the custom filter or select a different filter.
|