CWE - CWE-401: Improper Release of Memory Before Removing Last Reference ('Memory Leak') (2.4)

Home > CWE List > CWE- Individual Dictionary Definition (2.4)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
SwA On-Ramp
T-Shirt
Discussion List
Discussion Archives
Contact Us

Scoring
CWSS
CWRAF
CWE/SANS Top 25

Compatibility
Requirements
Coverage Claims Representation
Compatible Products
Make a Declaration

News
Calendar
Free Newsletter

Search the Site

CWE-401: Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Weakness ID: 401 (Weakness Base)

Status: Draft

Description

Description Summary

The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Extended Description

This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions.

Alternate Terms

Memory Leak

Terminology Notes

"memory leak" has sometimes been used to describe other kinds of issues, e.g. for information leaks in which the contents of memory are inadvertently leaked (CVE-2003-0400 is one such example of this terminology conflict).

Time of Introduction

Architecture and Design
Implementation

Applicable Platforms

Languages

C++

Modes of Introduction

Memory leaks have two common and sometimes overlapping causes:

Error conditions and other exceptional circumstances
Confusion over which part of the program is responsible for freeing the memory

Common Consequences

Scope

Effect

Availability

Technical Impact: DoS: crash / exit / restart; DoS: instability; DoS: resource consumption (CPU); DoS: resource consumption (memory)

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a low memory condition.

Likelihood of Exploit

Medium

Demonstrative Examples

Example 1

The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:

(Bad Code)

Example Language: C

char* getBlock(int fd) {

char* buf = (char*) malloc(BLOCK_SIZE);

if (!buf) {

return NULL;

}

if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {

return NULL;

}

return buf;

}

Example 2

Here the problem is that every time a connection is made, more memory is allocated. So if one just opened up more and more connections, eventually the machine would run out of memory.

(Bad Code)

Example Language: C

bar connection(){

foo = malloc(1024);

return foo;

}

endConnection(bar foo) {

free(foo);

}

int main() {

while(1) //thread 1

//On a connection

foo=connection(); //thread 2

//When the connection ends

endConnection(foo)

}

Observed Examples

Reference	Description
CVE-2005-3119	Memory leak because function does not free() an element of a data structure.
CVE-2004-0427	Memory leak when counter variable is not decremented.
CVE-2002-0574	chain: reference count is not decremented, leading to memory leak in OS by sending ICMP packets.
CVE-2005-3181	Kernel uses wrong function to release a data structure, preventing data from being properly tracked by other code.
CVE-2004-0222	Memory leak via unknown manipulations as part of protocol test suite.
CVE-2001-0136	Memory leak via a series of the same command.

Potential Mitigations

Phase: Implementation

Strategy: Libraries or Frameworks

To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.

Phase: Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Phases: Architecture and Design; Build and Compilation

The Boehm-Demers-Weiser Garbage Collector or valgrind can be used to detect leaks in code.

This is not a complete solution as it is not 100% effective.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Weakness Class	398	Indicator of Poor Code Quality	Seven Pernicious Kingdoms (primary)700
ChildOf	Category	399	Resource Management Errors	Development Concepts (primary)699
ChildOf	Category	633	Weaknesses that Affect Memory	Resource-specific Weaknesses (primary)631
ChildOf	Category	730	OWASP Top Ten 2004 Category A9 - Denial of Service	Weaknesses in OWASP Top Ten (2004) (primary)711
ChildOf	Weakness Base	772	Missing Release of Resource after Effective Lifetime	Research Concepts (primary)1000
ChildOf	Category	861	CERT Java Secure Coding Section 49 - Miscellaneous (MSC)	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ChildOf	Category	892	SFP Cluster: Resource Management	Software Fault Pattern (SFP) Clusters (primary)888
MemberOf	View	630	Weaknesses Examined by SAMATE	Weaknesses Examined by SAMATE (primary)630
CanFollow	Weakness Class	390	Detection of Error Condition Without Action	Research Concepts1000

Relationship Notes

This is often a resultant weakness due to improper handling of malformed data or early termination of sessions.

Affected Resources

Memory

Functional Areas

Memory management

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
PLOVER			Memory leak
7 Pernicious Kingdoms			Memory Leak
CLASP			Failure to deallocate data
OWASP Top Ten 2004	A9	CWE_More_Specific	Denial of Service
CERT Java Secure Coding	MSC04-J		Do not leak memory

White Box Definitions

A weakness where the code path has:

1. start statement that allocates dynamically allocated memory resource

2. end statement that loses identity of the dynamically allocated memory resource creating situation where dynamically allocated memory resource is never relinquished

Where "loses" is defined through the following scenarios:

1. identity of the dynamic allocated memory resource never obtained

2. the statement assigns another value to the data element that stored the identity of the dynamically allocated memory resource and there are no aliases of that data element

3. identity of the dynamic allocated memory resource obtained but never passed on to function for memory resource release

4. the data element that stored the identity of the dynamically allocated resource has reached the end of its scope at the statement and there are no aliases of that data element

References

J. Whittaker and H. Thompson. "How to Break Software Security". Addison Wesley. 2003.

Content History

Submissions
Submission Date	Submitter	Organization	Source
	PLOVER		Externally Mined

Modifications
Modification Date	Modifier	Organization	Source
2008-07-01	Eric Dalci	Cigital	External
2008-07-01	updated Time_of_Introduction
2008-08-01		KDM Analytics	External
2008-08-01	added/updated white box definitions
2008-08-15		Veracode	External
2008-08-15	Suggested OWASP Top Ten 2004 mapping
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, References, Relationship_Notes, Taxonomy_Mappings, Terminology_Notes
2008-10-14	CWE Content Team	MITRE	Internal
2008-10-14	updated Description
2009-03-10	CWE Content Team	MITRE	Internal
2009-03-10	updated Other_Notes
2009-05-27	CWE Content Team	MITRE	Internal
2009-05-27	updated Name
2009-07-17	KDM Analytics		External
2009-07-17	Improved the White_Box_Definition
2009-07-27	CWE Content Team	MITRE	Internal
2009-07-27	updated White_Box_Definitions
2009-10-29	CWE Content Team	MITRE	Internal
2009-10-29	updated Modes_of_Introduction, Other_Notes
2010-02-16	CWE Content Team	MITRE	Internal
2010-02-16	updated Relationships
2010-06-21	CWE Content Team	MITRE	Internal
2010-06-21	updated Other_Notes, Potential_Mitigations
2010-12-13	CWE Content Team	MITRE	Internal
2010-12-13	updated Demonstrative_Examples, Name
2011-03-29	CWE Content Team	MITRE	Internal
2011-03-29	updated Alternate_Terms
2011-06-01	CWE Content Team	MITRE	Internal
2011-06-01	updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11	CWE Content Team	MITRE	Internal
2012-05-11	updated Relationships, Taxonomy_Mappings
2012-10-30	CWE Content Team	MITRE	Internal
2012-10-30	updated Potential_Mitigations
2013-02-21	CWE Content Team	MITRE	Internal
2013-02-21	updated Observed_Examples
Previous Entry Names
Change Date	Previous Entry Name
2008-04-11	Memory Leak

2009-05-27	Failure to Release Memory Before Removing Last Reference (aka 'Memory Leak')

2010-12-13	Failure to Release Memory Before Removing Last Reference ('Memory Leak')

Page Last Updated: February 20, 2013


	CWE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2013, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us