Tag Archives: Release of Invalid Pointer or Reference

CWE-763 – Release of Invalid Pointer or Reference

Read Time:57 Second

Description

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

Modes of Introduction:

– Implementation

Likelihood of Exploit:

 

Related Weaknesses

CWE-404
CWE-404
CWE-404

 

Consequences

Integrity, Availability, Confidentiality: Modify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands

This weakness may result in the corruption of memory, and perhaps instructions, possibly leading to a crash. If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code.

 

Potential Mitigations

Phase: Implementation

Effectiveness:

Description: 

Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().

Phase: Implementation

Effectiveness:

Description: 

When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.

Phase: Architecture and Design

Effectiveness:

Description: 

Phase: Architecture and Design

Effectiveness:

Description: 

Use a language that provides abstractions for memory allocation and deallocation.

Phase: Testing

Effectiveness:

Description: 

Use a tool that dynamically detects memory management problems, such as valgrind.

CVE References