CWE-1045 Detail

CWE-1045

Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor
Incomplete
2019-01-03
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notifiche per un CWE specifico
Rimani informato su qualsiasi modifica relativa a un CWE specifico.
Gestione notifiche

Nome: Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor

A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor.

General Informations

Modes Of Introduction

Implementation

Piattaforme applicabili

Linguaggio

Class: Not Language-Specific (Undetermined)

Conseguenze comuni

Ambito Impatto Probabilità
OtherReduce Reliability

Note: This issue can prevent the product from running reliably, since the child might not perform essential destruction operations. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability, such as a memory leak (CWE-401).

Note sulla mappatura delle vulnerabilità

Giustificazione : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commento : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Riferimenti

REF-961

Automated Source Code Reliability Measure (ASCRM)
Object Management Group (OMG).
http://www.omg.org/spec/ASCRM/1.0/

REF-977

C++ Virtual Destructors: How to Avoid Memory Leaks
QuantStart.
https://www.quantstart.com/articles/C-Virtual-Destructors-How-to-Avoid-Memory-Leaks/

REF-978

Virtual Destructor
GeeksforGeeks.
https://www.geeksforgeeks.org/virtual-destructor/

Invio

Nome Organizzazione Data Data di rilascio Version
CWE Content Team MITRE 2018-07-02 +00:00 2019-01-03 +00:00 3.2

Modifiche

Nome Organizzazione Data Commento
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2020-08-20 +00:00 updated Relationships
CWE Content Team MITRE 2023-01-31 +00:00 updated Description
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships, Type
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Applicable_Platforms, Common_Consequences, Description, Time_of_Introduction
Le informazioni presentate su CVE Find provengono da diverse fonti di riferimento attentamente selezionate. I dati CVE sono forniti da MITRE Corporation e dal National Vulnerability Database (NVD). Il catalogo delle vulnerabilità sfruttate conosciute (KEV) proviene dalla Cybersecurity and Infrastructure Security Agency (CISA), mentre i punteggi EPSS provengono da FIRST.org. Inoltre, i dati relativi alle vulnerabilità software (CWE) e ai pattern di attacco comuni (CAPEC) sono mantenuti da MITRE Corporation, e le informazioni sulle configurazioni hardware e software (CPE) sono fornite da NVD.