Expired Pointer Dereference
|ID: 825||Date: (C)2012-05-14 (M)2012-11-08|
|Type: weakness||Status: INCOMPLETE|
|Abstraction Type: Base|
The program dereferences a pointer that contains a location for
memory that was previously valid, but is no longer valid.
Extended Description
When a program releases memory, but it maintains a pointer to that memory,
then the memory might be re-allocated at a later time. If the original
pointer is accessed to read or write data, then this could cause the program
to read or modify data that is in use by a different function or process.
Depending on how the newly-allocated memory is used, this could lead to a
denial of service, information exposure, or code execution.
|Confidentiality ||Read memory ||If the expired pointer is used in a read operation, an attacker might be able to control data read in by the application. |
|Availability ||DoS: crash / exit / restart ||If the expired pointer references a memory location that is not accessible to the program, or points to a location that is "malformed" (such as NULL) or larger than expected by a read or write operation, then a crash may occur. |
|Integrity, Confidentiality, Availability ||Execute unauthorized code or commands ||If the expired pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be
|Architecture and Design || ||Choose a language that provides automatic memory management. || || |
|Implementation || ||When freeing pointers, be sure to set them to NULL once they are
freed. However, the utilization of multiple or complex data structures
may lower the usefulness of this strategy. || || |
|CWE-825 CanPrecede CWE-787 ||Weakness ||CWE-1000 || |
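The NULL-after-free mitigation above, and its caveat about multiple data structures, shown as an added example that is not part of the CWE entry. All names (`record`, `free_and_null`, `read_name`, the two demo functions) are hypothetical, and the shared-slot hardening is one possible design that goes beyond what the entry itself prescribes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct record { char name[16]; };   /* constructed sample type */

/* Mitigation from the text: free, then clear the pointer that was freed. */
static void free_and_null(struct record **slot) {
    free(*slot);
    *slot = NULL;
}

/* Copies the name out only while the slot is live; refuses once cleared. */
static int read_name(struct record *const *slot, char *out, size_t n) {
    if (slot == NULL || *slot == NULL) return 0;
    snprintf(out, n, "%s", (*slot)->name);
    return 1;
}

/* Weak: a second structure keeps its own copy of the raw pointer, which
 * free_and_null() cannot reach. The copy is inspected before the free so
 * the demo never reads an expired pointer. Returns 1 if only owner is NULL. */
int raw_alias_is_not_cleared(void) {
    struct record *owner = calloc(1, sizeof *owner);
    if (owner == NULL) return -1;
    struct record *cache = owner;           /* independent copy */
    int cache_set = (cache != NULL);
    free_and_null(&owner);                  /* clears owner only */
    return owner == NULL && cache_set;
}

/* Hardened (assumed design): both references store the address of the one
 * owning slot, so clearing it expires them together. Returns 1 if the read
 * works before the free and is refused afterwards. */
int shared_slot_expires_all_refs(void) {
    static struct record *slot;             /* single owning slot */
    struct record **list_ref = &slot, **cache_ref = &slot;
    char buf[16] = "";
    slot = calloc(1, sizeof *slot);
    if (slot == NULL) return -1;
    strcpy(slot->name, "alice");
    int before = read_name(list_ref, buf, sizeof buf) && !strcmp(buf, "alice");
    free_and_null(list_ref);                /* release through one ref */
    return before && read_name(cache_ref, buf, sizeof buf) == 0;
}

int main(void) {
    printf("raw copy left dangling: %d\n", raw_alias_is_not_cleared());
    printf("shared slot expired all: %d\n", shared_slot_expires_all_refs());
    return 0;
}
```

The shared slot must outlive every reference to it; if the slot itself can be freed, the same weakness reappears one level up.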
Demonstrative Examples (Details)
- The following code shows a simple example of a double free
error: (Demonstrative Example Id DX-72)
- The following code shows a simple example of a use after free
error: (Demonstrative Example Id DX-71)
- CVE-2008-5013 : access of expired memory address leads to arbitrary code execution
- CVE-2010-3257 : stale pointer issue leads to denial of service and possibly other consequences
- CVE-2007-1211 : read of value at an offset into a structure after the offset is no longer valid
White Box Definitions None
Black Box Definitions None