Missing Release of Resource after Effective Lifetime
CVE-2009-3519
Summary
Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_109, allow local users to cause a denial of service (memory consumption) via vectors related to (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, and (4) M_SIG STREAMS messages.
- LOW
- LOCAL
- NONE
- NONE
- NONE
- COMPLETE
CWE-772 - Missing Release Of Resource After Effective Lifetime
'Missing release of resource after effective lifetime' is a weakness that occurs when software doesn't sufficiently release a resource (e.g. memory, CPU, disk space, etc.) after it is used. If not addressed, attackers can launch a denial of service attack (by allocating a resource and not releasing it).
References
Advisory Timeline
- Published