CWE-762: Mismatched Memory Management Routines
CWE version: 4.18
Last updated: 2025-09-09
Weakness description
The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.
Common consequences
Scope: Integrity, Availability, Confidentiality
Technical impact: Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands
Potential mitigations
Phase: Implementation
Description: Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
Phase: Implementation
Strategy: Libraries or Frameworks
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Phase: Architecture and Design
Description: Use a language that provides abstractions for memory allocation and deallocation.
Phase: Testing
Description: Use a tool that dynamically detects memory management problems, such as valgrind.
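Added example (not part of the CWE entry): one way to apply the "matching routines" and "abstractions" mitigations in C++ is to bind the release routine to the owning pointer's type, so memory from malloc() can only be released with free(). The names legacy_dup, FreeDeleter, malloc_ptr, ascii_length and g_free_calls are hypothetical and exist only for this illustration.

```cpp
#include <cstdlib>
#include <cstring>
#include <memory>

// Instrumentation for this example only: counts releases routed through free().
static int g_free_calls = 0;

// Deleter that binds a pointer to the malloc() family at the type level.
struct FreeDeleter {
    void operator()(void* p) const noexcept { ++g_free_calls; std::free(p); }
};
template <typename T>
using malloc_ptr = std::unique_ptr<T, FreeDeleter>;

// Hypothetical C-style API (assumption): returns a malloc()'d copy, like strdup().
char* legacy_dup(const char* s) {
    std::size_t n = std::strlen(s) + 1;
    char* p = static_cast<char*>(std::malloc(n));
    if (p) std::memcpy(p, s, n);
    return p;
}

// Mismatched form (CWE-762), left as a comment because it is undefined behaviour:
//     char* copy = legacy_dup(s);
//     ...
//     delete[] copy;   // allocated with malloc(), released with delete[]

// Matched form: the owner's type carries the release routine, so every exit
// path, including the early return, releases with free().
std::size_t ascii_length(const char* s) {
    malloc_ptr<char> copy(legacy_dup(s));
    if (!copy) return 0;                       // allocation failed: nothing to release
    for (const char* c = copy.get(); *c; ++c)
        if (static_cast<unsigned char>(*c) > 0x7f) return 0;  // early exit still frees
    return std::strlen(copy.get());
}

int main() {
    return ascii_length("buffer") == 6 ? 0 : 1;
}
```

Running the built binary under valgrind, as the Testing mitigation suggests, is a way to confirm that no mismatched release remains.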
Modes of introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable platforms
Programming languages
Taxonomy mappings
| Taxonomy name | Entry ID | Entry name | Mapping fit |
|---|---|---|---|
| CERT C Secure Coding | WIN30-C | Properly pair allocation and deallocation functions | Exact |
| Software Fault Patterns | SFP12 | Faulty Memory Release | - |