CWE-762
Mismatched Memory Management Routines
Niedrig
Incomplete
2009-05-27
00h00 +00:00
00h00 +00:00
2026-04-30
00h00 +00:00
00h00 +00:00
Benachrichtigungen für ein CWE
Bleiben Sie über alle Änderungen zu einem bestimmten CWE informiert.
Name: Mismatched Memory Management Routines
The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.
Allgemeine Informationen
Einführungsmodi
ImplementationAnwendbare Plattformen
Sprache
Class: Memory-Unsafe (Often)Name: C (Undetermined)
Name: C++ (Undetermined)
Häufige Konsequenzen
| Bereich | Auswirkung | Wahrscheinlichkeit |
|---|---|---|
| Integrity Availability Confidentiality | Modify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands |
Mögliche Gegenmaßnahmen
Phases : ImplementationOnly call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
Phases : Implementation
Phases : Architecture and Design
Phases : Architecture and Design
Use a language that provides abstractions for memory allocation and deallocation.
Erkennungsmethoden
Automated Dynamic Analysis
Use tools that are integrated during compilation to insert runtime error-checking mechanisms related to memory safety errors, such as AddressSanitizer (ASan) for C/C++ [REF-1518] or valgrind [REF-480].Wirksamkeit : Moderate
Hinweise zur Schwachstellen-Zuordnung
Begründung : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Kommentar : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Hinweise
Referenzen
REF-657
boost C++ Library Smart Pointershttps://www.boost.org/doc/libs/1_38_0/libs/smart_ptr/smart_ptr.htm
REF-480
Valgrindhttps://valgrind.org/
REF-391
Transitioning to ARC Release NotesiOS Developer Library.
https://developer.apple.com/library/archive/releasenotes/ObjectiveC/RN-TransitioningToARC/Introduction/Introduction.html
REF-1518
AddressSanitizerhttps://clang.llvm.org/docs/AddressSanitizer.html
Einreichung
| Name | Organisation | Datum | Veröffentlichungsdatum | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 1.4 |
Änderungen
| Name | Organisation | Datum | Kommentar |
|---|---|---|---|
| CWE Content Team | MITRE | updated Applicable_Platforms, Likelihood_of_Exploit | |
| CWE Content Team | MITRE | updated Description, Potential_Mitigations | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Potential_Mitigations, References | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Applicable_Platforms, References, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Functional_Areas, References | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Weakness_Ordinalities | |
| CWE Content Team | MITRE | updated Detection_Factors |
