This can cause the product to crash, or in some cases, modify critical program variables or execute code.
This weakness often occurs when the memory is allocated explicitly on the heap with one of the malloc() family functions and free() is called, but pointer arithmetic has caused the pointer to be in the interior or end of the buffer.
Scope | Impact | Likelihood |
---|---|---|
Integrity, Availability, Confidentiality | Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands | |
Reference | Description |
---|---|
CVE-2019-11930 | function "internally calls 'calloc' and returns a pointer at an index... inside the allocated buffer. This led to freeing invalid memory." |
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, glibc in Linux provides protection against free of invalid pointers.
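The pattern from the description and the observed example, as an added example that is not part of the original entry: a hypothetical helper `blob_new` returns a pointer inside its `calloc`'d block, so only the matching `blob_free` may release it. All identifiers (`blob_hdr`, `blob_new`, `blob_len`, `blob_free`, `count_commas_bad`, `count_commas_ok`, `DEMO_WEAKNESS`) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-prefixed buffer: a header sits before the caller's bytes. */
typedef struct { size_t len; } blob_hdr;

/* Allocates header + data with calloc, returns a pointer INSIDE that block. */
char *blob_new(const char *src) {
    size_t len = strlen(src);
    blob_hdr *h = calloc(1, sizeof *h + len + 1);
    if (h == NULL) return NULL;
    h->len = len;
    memcpy(h + 1, src, len);           /* trailing NUL already set by calloc */
    return (char *)(h + 1);
}

size_t blob_len(const char *data) {
    return ((const blob_hdr *)(const void *)data - 1)->len;
}

/* Matching release: step back to the address calloc actually returned. */
void blob_free(char *data) {
    if (data != NULL) free((blob_hdr *)(void *)data - 1);
}

#ifdef DEMO_WEAKNESS   /* compiled out by default: undefined behaviour */
size_t count_commas_bad(const char *src) {
    char *p = blob_new(src);
    size_t n = 0;
    if (p == NULL) return 0;
    while (*p) if (*p++ == ',') n++;   /* p now points at the end of the data */
    free(p);                           /* not the pointer calloc returned */
    return n;
}
#endif

/* Fixed: walk with a separate cursor, release the untouched owner pointer
 * through the allocator's own free routine. */
size_t count_commas_ok(const char *src) {
    char *base = blob_new(src);
    size_t n = 0;
    if (base == NULL) return 0;
    for (const char *cur = base; *cur != '\0'; cur++)
        if (*cur == ',') n++;
    blob_free(base);
    return n;
}
```

The flawed variant is compiled only when `DEMO_WEAKNESS` is defined, so the default build contains just the corrected path.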
Name | Organization | Date | Release Date | Version |
---|---|---|---|---|
CWE Content Team | MITRE | | | 1.4 |
Name | Organization | Date | Comment |
---|---|---|---|
CWE Content Team | MITRE | | updated Relationships |
CWE Content Team | MITRE | | updated Common_Consequences |
CWE Content Team | MITRE | | updated Demonstrative_Examples, Relationships |
CWE Content Team | MITRE | | updated Potential_Mitigations |
CWE Content Team | MITRE | | updated Potential_Mitigations |
CWE Content Team | MITRE | | updated Relationships, Taxonomy_Mappings |
CWE Content Team | MITRE | | updated Relationships |
CWE Content Team | MITRE | | updated Relationships |
CWE Content Team | MITRE | | updated Observed_Examples |
CWE Content Team | MITRE | | updated Description |
CWE Content Team | MITRE | | updated References, Relationships |
CWE Content Team | MITRE | | updated Mapping_Notes |