Description
The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.
Modes of Introduction:
– Implementation
Likelihood of Exploit:
Related Weaknesses
Consequences
Integrity, Availability, Confidentiality: Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands
This weakness may result in the corruption of memory, and perhaps instructions, possibly leading to a crash. If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code.
Potential Mitigations
Phase: Implementation
Effectiveness:
Description:
Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
Phase: Implementation
Effectiveness:
Description:
When programming in C++, consider using smart pointers provided by the Boost library to help correctly and consistently manage memory.
Phase: Architecture and Design
Effectiveness:
Description:
Phase: Architecture and Design
Effectiveness:
Description:
Use a language that provides abstractions for memory allocation and deallocation.
Phase: Testing
Effectiveness:
Description:
Use a tool that dynamically detects memory management problems, such as Valgrind.
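The following C code is an added example, not part of the original entry. It illustrates the first mitigation above: the weak form releases a pointer that has been advanced past the start of its malloc() buffer, while the hardened form keeps the original pointer and its matching release routine together in one handle. The names owned_mem, own_malloc, own_release, trimmed_len, trimmed_len_bad and the SHOW_VULNERABLE macro are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Pairs an allocation with the one routine allowed to release it. */
typedef struct {
    void *base;               /* exactly the address the allocator returned */
    void (*release)(void *);  /* matching routine: free() for malloc() */
} owned_mem;

owned_mem own_malloc(size_t n) {
    owned_mem m = { malloc(n), free };
    return m;
}

/* Releases via the recorded routine, then clears the handle so a repeat
 * call is a no-op. Returns 1 if memory was released, 0 if handle was empty. */
int own_release(owned_mem *m) {
    if (m == NULL || m->base == NULL) return 0;
    m->release(m->base);
    m->base = NULL;
    return 1;
}

#ifdef SHOW_VULNERABLE
/* Weak form (compiled out by default): the only pointer to the buffer is
 * advanced, so free() can receive an address malloc() never returned. */
size_t trimmed_len_bad(const char *s) {
    char *buf = malloc(strlen(s) + 1);
    if (buf == NULL) return SIZE_MAX;
    strcpy(buf, s);
    while (isspace((unsigned char)*buf)) buf++;  /* base address is lost */
    size_t n = strlen(buf);
    free(buf);                                   /* invalid pointer released */
    return n;
}
#endif

/* Hardened form: the base address is never modified; a cursor walks. */
size_t trimmed_len(const char *s) {
    owned_mem m = own_malloc(strlen(s) + 1);
    if (m.base == NULL) return SIZE_MAX;         /* allocation failed */
    strcpy(m.base, s);
    const char *cur = m.base;
    while (isspace((unsigned char)*cur)) cur++;
    size_t n = strlen(cur);
    own_release(&m);                             /* original pointer, matching routine */
    return n;
}

int main(void) { return trimmed_len("  \t cwe") == 3 ? 0 : 1; }
```

The weak form only misbehaves when the input has leading whitespace; otherwise the pointer is never advanced and free() receives the correct address, so the defect can pass ordinary tests. Building with -DSHOW_VULNERABLE and calling trimmed_len_bad on whitespace-prefixed input under Valgrind reports the invalid free().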
CVE References