Expired Pointer Dereference
ID: CWE-825 | Created: 2012-05-14 | Modified: 2022-10-10 |
Type: weakness | Status: INCOMPLETE |
Abstraction Type: Base |
Description
The program dereferences a pointer that contains a location for
memory that was previously valid, but is no longer valid.
Extended Description
When a program releases memory but keeps a pointer to it, the memory may
be re-allocated later for some other purpose. If the original pointer is
then used to read or write data, the program reads or modifies memory that
now belongs to a different object, function, or (for shared memory) process.
Depending on how the newly-allocated memory is used, this can lead to a
denial of service, information exposure, or code execution.
Applicable Platforms: None
Common Consequences

Scope | Technical Impact | Notes
---|---|---
Confidentiality | Read memory | If the expired pointer is used in a read operation, an attacker who can influence what is placed in the re-allocated memory may control the data the application reads.
Availability | DoS: crash / exit / restart | If the expired pointer references a memory location that is no longer accessible to the program, or points to a location that is "malformed" (such as NULL) or larger than expected by a read or write operation, then a crash may occur.
Integrity, Confidentiality, Availability | Execute unauthorized code or commands | If the expired pointer is used in a function call (for example, a function pointer or vtable read from the re-allocated memory), or points to unexpected data in a write operation, then code execution may be possible.

Detection Methods: None
Potential Mitigations

Phase | Strategy | Description | Effectiveness | Notes
---|---|---|---|---
Architecture and Design | | Choose a language that provides automatic memory management. | |
Implementation | | When freeing pointers, set them to NULL immediately after they are freed, so that a later dereference fails on NULL rather than on re-allocated memory. However, when the pointer has been copied into multiple or complex data structures, clearing one copy does not clear the others, which lowers the usefulness of this strategy. | |

Relationships

Related CWE | Type | View | Chain
---|---|---|---
CWE-825 CanPrecede CWE-787 | Weakness | CWE-1000 |
Demonstrative Examples
- The following code shows a simple example of a double free error (Demonstrative Example ID: DX-72)
- The following code shows a simple example of a use after free error (Demonstrative Example ID: DX-71)
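The following is an added example written for this page; it is not one of the CWE demonstrative examples (DX-71 and DX-72, whose code is not reproduced above) and not code from any referenced project. It illustrates the mechanism described in the Extended Description (a released allocation is handed out again and the stale pointer now aliases someone else's data), the "set freed pointers to NULL" mitigation, and the caveat from the mitigation table that clearing one copy of a pointer does not clear other copies. The fixed-slot pool allocator, the `session` struct, and the "session-A"/"secret-of-B" strings are hypothetical and constructed for the example. A pool is used instead of malloc()/free() so the reuse is deterministic and the program stays free of undefined behaviour; with the real heap the same stale read is a heap-use-after-free that AddressSanitizer (`-fsanitize=address`) reports at runtime.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-slot pool allocator (constructed for this example).
 * A freed slot is handed out again by the very next allocation, which is
 * exactly the condition under which an expired pointer aliases other data. */
#define SLOT_SIZE 32
#define SLOT_COUNT 4

static char pool[SLOT_COUNT][SLOT_SIZE];
static int slot_in_use[SLOT_COUNT];

static char *pool_alloc(void) {
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (!slot_in_use[i]) {
            slot_in_use[i] = 1;
            memset(pool[i], 0, SLOT_SIZE);
            return pool[i];
        }
    }
    return NULL;                         /* pool exhausted */
}

static void pool_free(char *p) {
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (p == pool[i]) { slot_in_use[i] = 0; return; }
    }
}

/* Vulnerable pattern (CWE-825): `token` is kept after it is released and
 * read through later. Copies whatever the expired pointer now sees into
 * `out`; returns 0, or -1 if the pool is exhausted. */
int expired_read(char out[SLOT_SIZE]) {
    char *token = pool_alloc();          /* gets slot 0 */
    if (token == NULL) return -1;
    strcpy(token, "session-A");
    pool_free(token);                    /* released, but pointer kept */

    char *other = pool_alloc();          /* slot 0 is reused for other data */
    strcpy(other, "secret-of-B");

    strcpy(out, token);                  /* stale read: sees other's data */
    pool_free(other);
    return 0;
}

/* Mitigation: release through a macro that also clears the variable,
 * and test for NULL before any use. */
#define POOL_RELEASE(p) do { pool_free(p); (p) = NULL; } while (0)

/* Returns 0 and fills `out` on a valid read, -1 if the pointer was expired. */
int hardened_read(char out[SLOT_SIZE]) {
    char *token = pool_alloc();
    if (token == NULL) return -1;
    strcpy(token, "session-A");
    POOL_RELEASE(token);                 /* token is now NULL */

    char *other = pool_alloc();
    strcpy(other, "secret-of-B");
    pool_free(other);

    if (token == NULL) {                 /* expired: refuse the use */
        out[0] = '\0';
        return -1;
    }
    strcpy(out, token);
    return 0;
}

/* Caveat from the mitigation table: clearing the local variable does not
 * clear the copy stored in `s.buf`, which still aliases the reused slot.
 * Returns 1 if the local was cleared (it always is); `out` shows the
 * aliasing through the surviving copy. */
struct session { char *buf; };

int aliased_copy_read(char out[SLOT_SIZE]) {
    char *token = pool_alloc();
    if (token == NULL) return -1;
    struct session s = { token };        /* second copy of the pointer */
    strcpy(token, "session-A");
    POOL_RELEASE(token);                 /* token == NULL, s.buf unchanged */

    char *other = pool_alloc();
    strcpy(other, "secret-of-B");
    strcpy(out, s.buf);                  /* still CWE-825 via the copy */
    pool_free(other);
    return token == NULL;
}

int main(void) {
    char buf[SLOT_SIZE];
    expired_read(buf);
    printf("expired pointer reads: \"%s\"\n", buf);
    printf("hardened read returns: %d\n", hardened_read(buf));
    aliased_copy_read(buf);
    printf("surviving copy reads: \"%s\"\n", buf);
    return 0;
}
```

The second and third functions together show why the mitigation is rated with a caveat: nulling works only for the variable you null, so every owner of a copy (struct fields, caches, callback contexts) must be cleared or invalidated as well, which is what "multiple or complex data structures" in the mitigation table refers to.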
Observed Examples
- CVE-2008-5013 : access of expired memory address leads to arbitrary code execution
- CVE-2010-3257 : stale pointer issue leads to denial of service and possibly other consequences
- CVE-2007-1211 : read of value at an offset into a structure after the offset is no longer valid
White Box Definitions: None
Black Box Definitions: None
Taxonomy Mappings: None
References: None