...
Reading previously dynamically allocated memory after it has been deallocated can lead to abnormal program termination and denial-of-service attacks. Writing memory that has been deallocated can lead to the execution of arbitrary code with the permissions of the vulnerable process.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
MEM50-CPP | High | Likely | No | NoMedium | P18P9 | L1L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| dangling_pointer_use | |||||||||||||
| Axivion Bauhaus Suite |
| CertC++-MEM50 | |||||||||||||
| Clang |
| clang-analyzer-cplusplus.NewDelete | Checked by clang-tidy, but does not catch all violations of this rule. | ||||||||||||
| CodeSonar |
| ALLOC.UAF | Use after free | ||||||||||||
| Compass/ROSE | |||||||||||||||
| USE_AFTER_FREE | Can detect the specific instances where memory is deallocated more than once or read/written to the target of a freed pointer | |||||||||||||
| Helix QAC |
| C++4303, C++4304 | |||||||||||||
| Klocwork |
| UFM.DEREF.MIGHT UFM.DEREF.MUST UFM.FFM.MIGHT UFM.FFM.MUST UFM.RETURN.MIGHT UFM.RETURN.MUST UFM.USE.MIGHT UFM.USE.MUSTMUST | |||||||||||||
| LDRA tool suite |
| 483 S, 484 S | Partially implemented | ||||||||||||
| Parasoft C/C++test |
| BDCERT_CPP- | RES-FREEMEM50-a | Do not use resources that have been freed | |||||||||||
| Parasoft Insure++ | Runtime detectionSplint | ||||||||||||||
| Polyspace Bug Finder |
| Splint
| Splint
| PRQA QA-CERT C++ | 4.1 | : MEM50-CPP | Checks for:
Rule partially covered. | ||||||||
| PVS-Studio |
| 4303, 4304
| 6.22
| V586, V774 | |||||||||||
| Security Reviewer - Static Reviewer | 6.02 | CPP_12 CPP_14 CPP_15 | Fully implemented | ||||||||||||
| Splint |
| General analysis rule set
Related Vulnerabilities
VU#623332 describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth() [VU# 623332].
...