Description
The application calls free() on a pointer into a heap-allocated buffer, but the pointer does not point to the start of the allocation: it is an interior pointer, typically produced by advancing the original pointer while parsing or traversing the buffer. free() must receive exactly the address returned by malloc(), calloc(), or realloc(); passing any other address is undefined behavior. In practice the allocator reads its bookkeeping data from just before the address it is given, so an interior pointer causes it to interpret user data as metadata, which is why this weakness leads to aborts ("free(): invalid pointer" on glibc), heap corruption, and, in the worst case, code execution.
Modes of Introduction:
– Implementation
Likelihood of Exploit:
Related Weaknesses
Consequences
Integrity, Availability, Confidentiality: Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands
Potential Mitigations
Phase: Implementation
Effectiveness:
Description:
When using pointer arithmetic to traverse a buffer, keep the cursor in a separate variable and preserve the originally allocated address, so that the original address, and only that address, is later passed to free().
Phase: Implementation
Effectiveness:
Description:
When programming in C++, consider using smart pointers (std::unique_ptr and std::shared_ptr from the standard library, or the equivalents in the Boost library) to help correctly and consistently manage memory; the smart pointer keeps the owning address separate from any iterator or cursor used to walk the buffer.
Phase: Architecture and Design
Effectiveness:
Description:
Use a language that provides abstractions for memory allocation and deallocation.
Phase: Testing
Effectiveness:
Description:
Use a tool that dynamically detects memory management problems, such as Valgrind (Memcheck reports "Invalid free()") or AddressSanitizer (-fsanitize=address, which reports an attempted free on an address that was not returned by malloc). Note that glibc's own runtime check catches only some interior pointers and aborts the process when it does, so it is not a substitute for testing with one of these tools.
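The following C program is an added example, not part of the CWE entry or of any referenced project. It shows the pattern the Description warns about (a lone pointer advanced during parsing, then freed) next to the "separate cursor, preserved base" mitigation from the Implementation guidance above. The parser, the `line_buf` type, and the sample input line are all hypothetical and constructed for this illustration; the unsafe helper returns the advanced pointer instead of freeing it, so the program never actually executes the undefined free().

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * CWE-761 shape. If the only pointer to the allocation is advanced, the
 * eventual free() receives an interior pointer:
 *
 *     char *p = malloc(n);
 *     while (isspace((unsigned char)*p)) p++;  // p != malloc() result now
 *     free(p);                                 // undefined behaviour
 *
 * This helper returns the advanced pointer so the caller can see the
 * problem without the example itself executing the bad free().
 */
char *skip_ws_losing_base(char *s)
{
    while (*s != '\0' && isspace((unsigned char)*s))
        s++;
    return s;   /* must NOT be passed to free() if it was advanced */
}

/* How far the unsafe helper moves the pointer for a given input. */
int ws_prefix_len(const char *text)
{
    char *start = (char *)text;   /* never written; cast only for the signature */
    return (int)(skip_ws_losing_base(start) - start);
}

/* Hardened pattern: the allocation address lives in its own field and a
 * separate cursor does the traversal (hypothetical type for this example). */
typedef struct {
    char *base;   /* exact pointer returned by malloc(); the only one ever freed */
    char *cur;    /* parsing cursor; may point anywhere inside the buffer */
} line_buf;

int line_buf_init(line_buf *lb, const char *text)
{
    size_t len = strlen(text);
    lb->base = malloc(len + 1);
    if (lb->base == NULL)
        return -1;
    memcpy(lb->base, text, len + 1);
    lb->cur = lb->base;
    return 0;
}

/* Count whitespace-separated fields, advancing only lb->cur. */
size_t line_buf_count_fields(line_buf *lb)
{
    size_t n = 0;
    for (;;) {
        while (*lb->cur != '\0' && isspace((unsigned char)*lb->cur))
            lb->cur++;
        if (*lb->cur == '\0')
            break;
        n++;
        while (*lb->cur != '\0' && !isspace((unsigned char)*lb->cur))
            lb->cur++;
    }
    return n;
}

/* The check to make before any free(): does the cursor still equal base? */
int line_buf_cursor_is_interior(const line_buf *lb)
{
    return lb->cur != lb->base;
}

void line_buf_free(line_buf *lb)
{
    free(lb->base);   /* never lb->cur */
    lb->base = lb->cur = NULL;
}

/* Parse one line and return its field count; -1 on allocation failure. */
int count_fields(const char *text)
{
    line_buf lb;
    if (line_buf_init(&lb, text) != 0)
        return -1;
    size_t n = line_buf_count_fields(&lb);
    line_buf_free(&lb);   /* safe even though lb.cur now points at the end */
    return (int)n;
}

/* 1 if parsing left the cursor at an interior address, 0 if still at base. */
int cursor_moved_during_parse(const char *text)
{
    line_buf lb;
    if (line_buf_init(&lb, text) != 0)
        return -1;
    line_buf_count_fields(&lb);
    int moved = line_buf_cursor_is_interior(&lb);
    line_buf_free(&lb);
    return moved;
}

int main(void)
{
    const char *sample = "   GET /index.html HTTP/1.1";   /* constructed input */
    printf("unsafe helper advanced the pointer by %d bytes\n", ws_prefix_len(sample));
    printf("fields=%d cursor moved=%d\n", count_fields(sample),
           cursor_moved_during_parse(sample));
    return 0;
}
```

The point of the `line_buf` design is that the value passed to `free()` is stored in a field that parsing code never touches, so the invariant "base is exactly what malloc() returned" holds by construction rather than by discipline; `line_buf_cursor_is_interior()` is the assertion you would add in a debug build if the code base still frees a pointer that some callers advance.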
CVE References
- CVE-2019-11930
- function “internally calls ‘calloc’ and returns a pointer at an index… inside the allocated buffer. This led to freeing invalid memory.”