CWE-1087 Details

CWE-1087

Class with Virtual Method without a Virtual Destructor
Incomplete
2019-01-03
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Benachrichtigungen für ein CWE
Bleiben Sie über alle Änderungen zu einem bestimmten CWE informiert.
Benachrichtigungen verwalten

Name: Class with Virtual Method without a Virtual Destructor

A class contains a virtual method, but the method does not have an associated virtual destructor.

Allgemeine Informationen

Einführungsmodi

Implementation

Anwendbare Plattformen

Sprache

Class: Object-Oriented (Undetermined)

Häufige Konsequenzen

Bereich Auswirkung Wahrscheinlichkeit
OtherReduce Reliability

Note: This issue can prevent the product from running reliably, e.g. due to undefined behavior. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.

Erkennungsmethoden

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Wirksamkeit : High

Hinweise zur Schwachstellen-Zuordnung

Begründung : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Kommentar : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Referenzen

REF-961

Automated Source Code Reliability Measure (ASCRM)
Object Management Group (OMG).
http://www.omg.org/spec/ASCRM/1.0/

Einreichung

Name Organisation Datum Veröffentlichungsdatum Version
CWE Content Team MITRE 2018-07-02 +00:00 2019-01-03 +00:00 3.2

Änderungen

Name Organisation Datum Kommentar
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2020-08-20 +00:00 updated Relationships
CWE Content Team MITRE 2023-01-31 +00:00 updated Description
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Applicable_Platforms, Common_Consequences, Description, Detection_Factors, Time_of_Introduction
Die auf CVE Find präsentierten Informationen stammen aus mehreren sorgfältig ausgewählten Referenzquellen. CVE-Daten werden von der MITRE Corporation und der National Vulnerability Database (NVD) bereitgestellt. Der Katalog bekannter ausgenutzter Schwachstellen (KEV) stammt von der Cybersecurity and Infrastructure Security Agency (CISA), während EPSS-Scores von FIRST.org kommen. Darüber hinaus werden Daten zu Software-Schwachstellen (CWE) und häufigen Angriffsmustern (CAPEC) von der MITRE Corporation gepflegt, und Informationen zu Hardware- und Software-Konfigurationen (CPE) werden von der NVD bereitgestellt.