
CWE-761 – Free of Pointer not at Start of Buffer


Description

The application calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer.

Modes of Introduction:

– Implementation

Likelihood of Exploit:


Related Weaknesses

CWE-763
CWE-404


Consequences

Scope: Integrity, Availability, Confidentiality

Impact: Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands


Potential Mitigations

Phase: Implementation

Effectiveness:

Description: 

When utilizing pointer arithmetic to traverse a buffer, use a separate variable to track progress through memory and preserve the originally allocated address for later freeing.
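The following C example is added here to illustrate this mitigation; it is not code from the CWE entry or from the referenced CVE. The function names (trim_leading_unsafe, trim_leading_safe, count_words_and_release, heap_copy) are hypothetical. The first function shows the weakness pattern described above: the only handle to the heap block is advanced into the buffer and handed back, so the caller can never pass the original allocation address to free(). The other two show the recommended discipline: a separate cursor walks the buffer while the base address is preserved and is the only thing ever released.

```c
#include <stdlib.h>
#include <string.h>

/* Portable stand-in for strdup(): copies a string into a fresh heap block. */
static char *heap_copy(const char *in)
{
    size_t n = strlen(in) + 1;          /* include the terminating NUL */
    char *p = malloc(n);
    if (p != NULL) memcpy(p, in, n);
    return p;
}

/* Weakness pattern (CWE-761): the returned pointer lies *inside* the block.
 * The caller only sees this pointer, so any free() of the result is a free of
 * an address that malloc() never returned (undefined behaviour, typically a
 * heap-allocator abort or heap corruption). The base address is simply lost. */
char *trim_leading_unsafe(const char *in)
{
    char *p = heap_copy(in);            /* heap block starts at p ... */
    if (p == NULL) return NULL;
    while (*p == ' ') p++;              /* ... but p is advanced into it */
    return p;                           /* not freeable: not the block start */
}

/* Mitigated form: `base` keeps the allocation address, `cursor` does the
 * traversal, and the trimmed text is moved to the front of the block so the
 * pointer handed back is exactly the one free() expects. */
char *trim_leading_safe(const char *in)
{
    char *base = heap_copy(in);
    if (base == NULL) return NULL;
    const char *cursor = base;
    while (*cursor == ' ') cursor++;
    /* memmove() is required because source and destination overlap;
     * strlen(cursor) + 1 carries the terminator along. */
    memmove(base, cursor, strlen(cursor) + 1);
    return base;                        /* caller may free() this */
}

/* Same discipline when the block is released inside the function: count the
 * space-separated words in a heap copy of `in`, then free the base address.
 * Only `cursor` moves; `base` is never modified after allocation. */
size_t count_words_and_release(const char *in)
{
    char *base = heap_copy(in);
    if (base == NULL) return 0;
    size_t words = 0;
    const char *cursor = base;
    while (*cursor != '\0') {
        while (*cursor == ' ') cursor++;            /* skip separators */
        if (*cursor == '\0') break;
        words++;
        while (*cursor != '\0' && *cursor != ' ') cursor++;  /* skip word */
    }
    free(base);                         /* never free(cursor) */
    return words;
}

int main(void)
{
    char *t = trim_leading_safe("   hello");
    free(t);                            /* valid: t is the block start */
    return (int)count_words_and_release("  the quick  fox ") == 3 ? 0 : 1;
}
```

Running the safe variants under valgrind or AddressSanitizer reports no invalid free; if the commented-out free() of the unsafe result were added, both tools flag it as a free of a pointer that is not the start of an allocation, which is the detection mentioned under the Testing mitigation below.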

Phase: Implementation

Effectiveness:

Description: 

When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.

Phase: Architecture and Design

Effectiveness:

Description: 

Use a language that provides abstractions for memory allocation and deallocation.

Phase: Testing

Effectiveness:

Description: 

Use a tool that dynamically detects memory management problems, such as valgrind.

CVE References


  • CVE-2019-11930
    • function “internally calls ‘calloc’ and returns a pointer at an index… inside the allocated buffer. This led to freeing invalid memory.”