...
Reading previously dynamically allocated memory after it has been deallocated can lead to abnormal program termination and denial-of-service attacks. Writing memory that has been deallocated can lead to the execution of arbitrary code with the permissions of the vulnerable process.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
MEM50-CPP | High | Likely | No | NoMedium | P18P9 | L1L2 |
Automated Detection
Tool | Version | Checker | Description | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| dangling_pointer_use | ||||||||||
| Axivion Bauhaus Suite |
| c:
| c:
| CertC++-MEM50 | ||||||||
| Clang |
| clang-analyzer-cplusplus.NewDelete | Checked by clang-tidy, but does not catch all violations of this rule. | |||||||||
| CodeSonar |
| ALLOC.UAF | Use after free | |||||||||
| Compass/ROSE | ||||||||||||
| USE_AFTER_FREE | Can detect the specific instances where memory is deallocated more than once or read/written to the target of a freed pointer | ||||||||||
| Helix QAC |
| C++4303, C++4304 | ||||||||||
| Klocwork |
| UFM.DEREF.MIGHT UFM.DEREF.MUST UFM.FFM.MIGHT UFM.FFM.MUST UFM.RETURN.MIGHT UFM.RETURN.MUST UFM.USE.MIGHT UFM.USE.MUSTMUST | ||||||||||
| LDRA tool suite |
| 483 S, 484 S | Partially implemented | |||||||||
| Parasoft C/C++test |
| BDCERT_CPP- | RES-FREEMEM50-a | Do not use resources that have been freed | ||||||||
| Parasoft Insure++ | Runtime detection | PRQA QA-C++ | 4.1 | |||||||||
| Polyspace Bug Finder |
| CERT C++: MEM50-CPP | Checks for:
Rule partially covered. 4303, 4304 | |||||||||
| PVS-Studio |
| V586, V774 | ||||||||||
| Security Reviewer - Static Reviewer | 6.02 | CPP_12 CPP_14 CPP_15 | Fully implemented | |||||||||
| Splint |
|
Related Vulnerabilities
VU#623332 describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth() [VU# 623332].
...