Thread-Amount Resource Leak Vulnerability on Windows and Apple Platforms
Vulnerability
A resource leak vulnerability has been identified in the thread-amount tool, prior to version 0.2.2. This vulnerability occurs when the tool queries thread counts on Windows and Apple platforms, leading to handle and memory leaks, respectively. On Windows, the issue arises because the thread_amount function does not close handles returned by CreateToolhelp32Snapshot, causing the handle count to increase indefinitely. This accumulation can result in system instability or process termination once the handle limit is reached. On Apple platforms, the function fails to deallocate memory allocated for the thread list by task_threads, leading to a gradual memory leak. This leak can cause the process to be terminated by the Out of Memory (OOM) killer.
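The pattern behind both leaks is the same: an OS resource is acquired (a Toolhelp snapshot handle on Windows, a thread-port array from task_threads on macOS) and the function returns without releasing it, so every call leaves one more handle or allocation behind. The following is an added example, not code from the thread-amount crate, showing a thread counter that releases those resources on every exit path by putting the release in a Drop guard. It assumes Windows, macOS or Linux; the Win32 and Mach declarations are written by hand so no crates are needed, and the Linux branch (which counts entries under /proc/self/task) is only there so the example also runs on Linux and is not something the advisory describes.

```rust
use std::io;

#[cfg(windows)]
mod imp {
    use std::io;
    type HANDLE = isize;
    const INVALID_HANDLE_VALUE: HANDLE = -1;
    const TH32CS_SNAPTHREAD: u32 = 0x0000_0004;

    #[repr(C)]
    #[allow(non_snake_case)]
    struct THREADENTRY32 {
        dwSize: u32, cntUsage: u32, th32ThreadID: u32, th32OwnerProcessID: u32,
        tpBasePri: i32, tpDeltaPri: i32, dwFlags: u32,
    }

    #[link(name = "kernel32")]
    extern "system" {
        fn CreateToolhelp32Snapshot(flags: u32, pid: u32) -> HANDLE;
        fn Thread32First(snap: HANDLE, entry: *mut THREADENTRY32) -> i32;
        fn Thread32Next(snap: HANDLE, entry: *mut THREADENTRY32) -> i32;
        fn CloseHandle(h: HANDLE) -> i32;
        fn GetCurrentProcessId() -> u32;
    }

    // Owns the snapshot handle; CloseHandle runs when the guard is dropped, so no
    // return path (including the error returns below) can leak it. The defect the
    // advisory describes was exactly a missing CloseHandle on this handle.
    struct Snapshot(HANDLE);
    impl Drop for Snapshot {
        fn drop(&mut self) { unsafe { CloseHandle(self.0); } }
    }

    pub fn thread_amount() -> io::Result<usize> {
        let raw = unsafe { CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0) };
        if raw == INVALID_HANDLE_VALUE { return Err(io::Error::last_os_error()); }
        let snap = Snapshot(raw);
        let pid = unsafe { GetCurrentProcessId() };
        let mut entry: THREADENTRY32 = unsafe { std::mem::zeroed() };
        entry.dwSize = std::mem::size_of::<THREADENTRY32>() as u32;
        if unsafe { Thread32First(snap.0, &mut entry) } == 0 {
            return Err(io::Error::last_os_error()); // snapshot still closed by Drop
        }
        let mut count = 0;
        loop {
            // The snapshot is system-wide; keep only threads owned by this process.
            if entry.th32OwnerProcessID == pid { count += 1; }
            entry.dwSize = std::mem::size_of::<THREADENTRY32>() as u32;
            if unsafe { Thread32Next(snap.0, &mut entry) } == 0 { break; }
        }
        Ok(count)
    }
}

#[cfg(target_os = "macos")]
#[allow(non_upper_case_globals)]
mod imp {
    use std::io;
    extern "C" {
        static mach_task_self_: u32;
        fn task_threads(task: u32, list: *mut *mut u32, count: *mut u32) -> i32;
        fn mach_port_deallocate(task: u32, name: u32) -> i32;
        fn vm_deallocate(task: u32, addr: usize, size: usize) -> i32;
    }

    // Owns the array task_threads hands back. Drop releases each thread port and then
    // the array itself with vm_deallocate; the advisory's defect was returning without
    // that deallocation, which leaked the array on every call.
    struct ThreadList { ptr: *mut u32, len: u32 }
    impl Drop for ThreadList {
        fn drop(&mut self) {
            unsafe {
                for i in 0..self.len as usize {
                    mach_port_deallocate(mach_task_self_, *self.ptr.add(i));
                }
                let bytes = self.len as usize * std::mem::size_of::<u32>();
                vm_deallocate(mach_task_self_, self.ptr as usize, bytes);
            }
        }
    }

    pub fn thread_amount() -> io::Result<usize> {
        let mut ptr: *mut u32 = std::ptr::null_mut();
        let mut len: u32 = 0;
        let kr = unsafe { task_threads(mach_task_self_, &mut ptr, &mut len) };
        if kr != 0 {
            return Err(io::Error::new(io::ErrorKind::Other, format!("task_threads: kern_return {kr}")));
        }
        let list = ThreadList { ptr, len };
        Ok(list.len as usize) // `list` dropped here, releasing ports and array
    }
}

#[cfg(target_os = "linux")]
mod imp {
    use std::io;
    // Linux stand-in for the example only: one entry per thread under /proc/self/task.
    pub fn thread_amount() -> io::Result<usize> {
        Ok(std::fs::read_dir("/proc/self/task")?.count())
    }
}

pub use imp::thread_amount;

fn main() -> io::Result<()> {
    let first = thread_amount()?;
    // A long-running caller polls this repeatedly; with the guards in place the
    // loop neither accumulates handles nor grows memory, and the count stays stable.
    for _ in 0..10_000 { thread_amount()?; }
    println!("threads in this process: {first}");
    Ok(())
}
```

On Windows, the effect of the guard can be checked from outside the code by watching the process's handle column in Task Manager or Process Explorer while the loop in main runs: a leaking counter climbs by one handle per iteration, the guarded one stays flat.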
Impact
Long-running applications that use this crate to check thread counts may crash due to resource exhaustion, with Windows applications potentially terminating prematurely when the handle limit is reached.
Remediation
Users can update to thread-amount version 0.2.2 or later to address this vulnerability.