...
Reading previously dynamically allocated memory after it has been deallocated can lead to abnormal program termination and denial-of-service attacks. Writing memory that has been deallocated can lead to the execution of arbitrary code with the permissions of the vulnerable process.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
MEM50-CPP | High | Likely | No | MediumNo | P18P9 | L1L2 |
Automated Detection
Tool | Version | Checker | Description | |||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| dangling_pointer_use | ||||||||
| Axivion Bauhaus Suite |
| CertC++-MEM50 | ||||||||
| Clang |
| clang-analyzer-cplusplus.NewDelete | Checked by clang-tidy, but does not catch all violations of this rule. | |||||||
| CodeSonar |
| ALLOC.UAF | Use after free | |||||||
| Compass/ROSE | ||||||||||
| USE_AFTER_FREE | Can detect the specific instances where memory is deallocated more than once or read/written to the target of a freed pointer | ||||||||
| Helix QAC |
| C++4303, C++4304 | ||||||||
| Klocwork |
| UFM.DEREF.MIGHT UFM.DEREF.MUST UFM.FFM.MIGHT UFM.FFM.MUST UFM.RETURN.MIGHT UFM.RETURN.MUST UFM.USE.MIGHT UFM.USE.MUSTMUST | ||||||||
| LDRA tool suite |
| 483 S, 484 S | Partially implemented | |||||||
| Parasoft C/C++test |
| CERT_CPP-MEM50-a | Do not use resources that have been freed | |||||||
| Parasoft Insure++ | Runtime detection | |||||||||
| Polyspace Bug Finder |
| CERT C++: MEM50-CPP | Checks for:
Rule partially covered. | |||||||
| PRQA QA-C++PVS-Studio |
| 4303V586, 4304 V774 | PVS-Studio | |||||||
| Security Reviewer - Static Reviewer | 6.02 | CPP_12 CPP_14 CPP_15 | Fully implemented| Include Page | | PVS-Studio_V | PVS-Studio_V | V586, V774||||
| Splint |
|
Related Vulnerabilities
VU#623332 describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth() [VU# 623332].
...