- What is CWE-401?
- The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
- What CVEs are caused by CWE-401?
- 594 recorded CVEs are attributed to CWE-401, including CVE-2023-26083, CVE-2024-25450, CVE-2023-33718. 1 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Is CWE-401 part of the OWASP Top 10?
- CWE-401 maps to OWASP Top Ten 2004: Denial of Service (A9) in the OWASP security taxonomy.
- How do you prevent CWE-401?
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- How is CWE-401 detected?
- Fuzzing: Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.
- What are the consequences of CWE-401?
- Exploiting CWE-401 can lead to: DoS: Crash, Exit, or Restart, DoS: Instability, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), Reduce Performance.
- Is CWE-401 actively exploited?
- Yes. 1 CWE-401 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 594 recorded CVEs.