CWE-416Use After Free

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Common consequences

• Integrity→Modify Memory
  The use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere.
• Availability→DoS: Crash, Exit, or Restart
  If chunk consolidation occurs after the use of previously freed data, the process may crash when invalid data is used as chunk information.
• Confidentiality→Read Memory
  Read operations on freed memory can sometimes leak sensitive information instead of causing a crash
• Integrity,Confidentiality,Availability→Execute Unauthorized Code or Commands
  If malicious data is entered before chunk consolidation can take place, it may be possible to take advantage of a write-what-where primitive to execute arbitrary code. If the newly allocated data happens to hold a class, in C++ for example,

Potential mitigations

• Architecture and Design
  Choose a language that provides automatic memory management.
• Implementation
  When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

Related CWEs

Recent CVEs classified under this CWE