CWE • Base • Incomplete • 6 recent CVEs
CWE-763: Release of Invalid Pointer or Reference
Description
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
Common consequences
- Integrity, Availability, Confidentiality → Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands. This weakness may result in the corruption of memory, and perhaps instructions, possibly leading to a crash. If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code.
Potential mitigations
- Implementation: Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
- Implementation: When programming in C++, consider using smart pointers provided by the Boost library to help correctly and consistently manage memory.
- Architecture and Design: Use a language that provides abstractions for memory allocation and deallocation.
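The malloc()/free() mitigation above, as an added example that is not part of the CWE entry: a small owning handle keeps the pointer malloc() returned separate from the cursor that moves through the buffer, so free() only ever receives the original pointer. The names `struct buf`, `buf_init`, `buf_release` and `trimmed_length` are hypothetical, chosen for this illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical owning handle (illustration only): 'base' is the exact
 * pointer malloc() returned and the only value passed to free();
 * 'cur' is a working cursor that may move anywhere inside the buffer. */
struct buf {
    char *base;
    char *cur;
};

static int buf_init(struct buf *b, const char *src) {
    size_t n = strlen(src) + 1;
    b->base = malloc(n);
    if (b->base == NULL)
        return -1;
    memcpy(b->base, src, n);
    b->cur = b->base;
    return 0;
}

static void buf_release(struct buf *b) {
    free(b->base);           /* original pointer, released with malloc()'s partner */
    b->base = b->cur = NULL; /* a repeated release becomes free(NULL), a no-op */
}

/* Flawed pattern this weakness describes, shown for contrast, not compiled:
 *     char *p = malloc(n); ... while (isspace(*p)) p++; ... free(p);
 * After the loop, p is no longer an address malloc() returned. */

/* Length of src after skipping leading whitespace, or -1 if allocation fails. */
long trimmed_length(const char *src) {
    struct buf b;
    long len;
    if (buf_init(&b, src) != 0)
        return -1;
    while (*b.cur != '\0' && isspace((unsigned char)*b.cur))
        b.cur++;             /* only the cursor advances */
    len = (long)strlen(b.cur);
    buf_release(&b);
    return len;
}

int main(void) {
    /* constructed sample input */
    return trimmed_length("   key=value") == 9 ? 0 : 1;
}
```

Building with AddressSanitizer (`-fsanitize=address` in GCC or Clang) reports the flawed pattern at run time as an attempt to free an address that was not returned by malloc().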