Memory Leak
What is Memory Leak?
Memory LeakA defect where memory that is no longer needed is not released back to the allocator, gradually exhausting available memory and degrading or crashing the system.
A memory leak (CWE-401) occurs when a program allocates memory and loses every reference to it without freeing it. Over time the process working set grows, performance falls, swap thrashes, and eventually the OS kills the process or stops accepting new work. While most leaks are reliability issues, they can become security ones: long-running services exposed to attacker-controlled triggers become denial-of-service amplifiers. Leaks also include unfreed kernel objects, file descriptors, sockets, or GPU resources. Defences include profiling (Valgrind, ASan/LSan, heaptrack, dotnet-counters), ownership discipline (RAII, smart pointers), continuous load testing and language-level GC. "Memory leak" in the cryptographic sense (revealing memory contents) is more accurately called an information disclosure.
● Examples
- 01
Long-running web server whose per-request allocations are never freed.
- 02
Kernel module forgetting to release skb buffers, draining system memory.
● Frequently asked questions
What is Memory Leak?
A defect where memory that is no longer needed is not released back to the allocator, gradually exhausting available memory and degrading or crashing the system. It belongs to the Vulnerabilities category of cybersecurity.
What does Memory Leak mean?
A defect where memory that is no longer needed is not released back to the allocator, gradually exhausting available memory and degrading or crashing the system.
How do you defend against Memory Leak?
Defences for Memory Leak typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Memory Leak?
Common alternative names include: Resource leak.