Fix CWE-401: Ignite - Memory Leak

Fix CWE-401: Ignite - Memory Leak

book

Article ID: KB0071461

calendar_today

Updated On:

Products Versions
TIBCO BusinessEvents Enterprise Edition 6.2.1

Description

The vulnerability scans can find a Memory leak related to Ignite, as shown in the example obtained from Dynatrace tool:

  • Vulnerability CWE-401: Ignite - Memory Leak

BE 6.2.1 is delivered with Ignite 2.11 which is affected by the vulnerability.

Environment

All

Resolution

CWE-401: Ignite - Memory Leak Issue has been fixed in Ignite version 2.13.

BE 6.2.2 version uses Ignite 2.13, upgrade to BE 6.2.2 to mitigate the issue.

Issue/Introduction

This article explains how to solve vulnerability CWE-401 Ignite - Memory Leak

Additional Information

https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEIGNITE-2308111
https://www.cvedetails.com/cwe-details/401/Failure-to-Release-Memory-Before-Removing-Last-Reference-.html