Cyber Resilience

CWE · MITRE source

CWE-401Missing Release of Memory after Effective Lifetime

Abstraction: Variant · CVEs in our corpus: 1,802

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 2 mapping(s) from 1 framework(s): ATT&CK 2 (mostly)

See the full cumulative-coverage rollup →

NIST 800-53 r5 controls that address this weakness (0)AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2018-0158 KEV10.08.60.07192018-03-28
CVE-2023-26083 KEV10.03.30.01422023-04-06
CVE-2016-63048.07.50.63032016-09-26
CVE-2019-122658.05.30.55272019-08-09
CVE-2020-139348.07.50.64122020-07-14
CVE-2022-07427.09.10.04922022-03-18
CVE-2001-01366.00.00.44942001-03-12
CVE-2001-05436.00.00.20602001-09-20
CVE-2009-13786.00.00.12752009-05-19
CVE-2016-42326.07.50.36462016-07-13
CVE-2018-08916.04.30.14742018-03-14
CVE-2015-85675.57.70.05562017-04-13
CVE-2017-76545.57.50.02172018-06-05
CVE-2018-138445.57.50.01442018-07-10
CVE-2018-153775.58.60.01592018-10-05
CVE-2019-61285.58.80.03872019-01-11
CVE-2019-61325.57.50.01502019-01-11
CVE-2019-61355.57.50.01662019-01-11
CVE-2019-61385.57.50.01462019-01-11
CVE-2019-65025.57.50.02202019-01-22
CVE-2019-73955.57.50.03432019-02-05
CVE-2019-73965.57.50.03432019-02-05
CVE-2019-73975.57.50.03802019-02-05
CVE-2019-73985.57.50.03722019-02-05
CVE-2019-77325.57.50.01402019-02-11