Memory Leak

A memory leak (CWE-401) occurs when a program allocates memory and loses every reference to it without freeing it. Over time the process working set grows, performance falls, swap thrashes, and eventually the OS kills the process or stops accepting new work. While most leaks are reliability issues, they can become security ones: long-running services exposed to attacker-controlled triggers become denial-of-service amplifiers. Leaks also include unfreed kernel objects, file descriptors, sockets, or GPU resources. Defences include profiling (Valgrind, ASan/LSan, heaptrack, dotnet-counters), ownership discipline (RAII, smart pointers), continuous load testing and language-level GC. "Memory leak" in the cryptographic sense (revealing memory contents) is more accurately called an information disclosure.