CWE-761: Free of Pointer not at Start of Buffer
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer.
Common Consequences
Scope: Integrity, Availability, Confidentiality
Technical Impact: Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands
Potential Mitigations
Phase: Implementation
Description: When utilizing pointer arithmetic to traverse a buffer, use a separate variable to track progress through memory and preserve the originally allocated address for later freeing.
Phase: Implementation
Description: When programming in C++, consider using smart pointers provided by the Boost library to help correctly and consistently manage memory.
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Phase: Architecture and Design
Description: Use a language that provides abstractions for memory allocation and deallocation.
Phase: Testing
Description: Use a tool that dynamically detects memory management problems, such as Valgrind.
Observed Examples
Reference: CVE-2019-11930
function "internally calls 'calloc' and returns a pointer at an index... inside the allocated buffer. This led to freeing invalid memory."
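The first Implementation mitigation and the pattern quoted for CVE-2019-11930 (a function handing back a pointer inside its own allocation), shown as an added C example that is not part of the CWE entry. The function names and the sample input are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Heap copy of s; the result is the start of the allocation. */
static char *copy_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

/* Flawed (CWE-761), for comparison only, never called: buf itself advances,
 * so the caller gets, and later frees, a pointer inside the allocation. */
char *trim_leading_flawed(const char *line)
{
    char *buf = copy_string(line);
    if (buf == NULL)
        return NULL;
    while (isspace((unsigned char)*buf))
        buf++;                      /* allocation address is lost */
    return buf;                     /* free() on this is undefined behaviour */
}

/* Corrected: base keeps the address malloc() returned, cur does the walking,
 * and the kept text is moved to the front so the result is safe to free(). */
char *trim_leading(const char *line)
{
    char *const base = copy_string(line);   /* const: cannot be advanced */
    if (base == NULL)
        return NULL;
    const char *cur = base;
    while (isspace((unsigned char)*cur))
        cur++;
    memmove(base, cur, strlen(cur) + 1);    /* regions overlap: memmove */
    return base;
}

int main(void)
{
    char *s = trim_leading(" \t key=value");   /* constructed input */
    if (s != NULL)
        puts(s);
    free(s);                    /* start of the allocation; NULL is a no-op */
    return 0;
}
```

Declaring the base pointer `char *const` makes the compiler reject any later attempt to advance it.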
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| Software Fault Patterns | SFP12 | Faulty Memory Release | - |