Missing Release of Memory after Effective Lifetime in mysql:mysql-connector-java
Cx6f651376-312a
- mysql:mysql-connector-java
Summary
MySQL Connector/J before version 5.1.44 and 6.x is vulnerable to memory leak. When using cached server-side prepared statements, a memory leak occurred as references to opened statements were being kept while the statements were being decached; it happened when either the close() method has been called twice on a statement, or when there were conflicting cache entries for a statement and the older entry had not been closed and removed from the opened statement list.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-401 - Missing release of memory after effective lifetime (memory leak)
'Missing release of memory after effective lifetime (memory leak)' is a weakness that occurs when software doesn't effectively release allocated memory after it is used. If not addressed, this enables attackers to launch denial of service attacks (by crashing or hanging the program) or take advantage of other unexpected behavior resulting from low memory conditions.
References
Advisory Timeline
- Published
