...
Reading previously dynamically allocated memory after it has been deallocated can lead to abnormal program termination and denial-of-service attacks. Writing memory that has been deallocated can lead to the execution of arbitrary code with the permissions of the vulnerable process.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MEM50-CPP | High | Likely | Medium | P18 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Clang |
| clang-analyzer-cplusplus.NewDelete | Checked by clang-tidy, but does not catch all violations of this rule. | ||||||
| CodeSonar |
| ALLOC.UAF | Use after free | ||||||
| Compass/ROSE |
| USE_AFTER_FREE | Can detect the specific instances where memory is deallocated more than once or read/written to the target of a freed pointer | |||||||
| Klocwork |
| UFM.DEREF.MIGHT |
| LDRA tool suite |
| 483 S, 484 S | Partially implemented | ||||||
| Parasoft C/C++test |
|
|
| BD-RES-FREE |
| Parasoft Insure++ |
| Runtime detection | |||||||
| Splint |
|
| PRQA QA-C++ | 4.1 | 4303, 4304 |
| PVS-Studio | 6.22 | V586, V774 | General analysis rule set |
Related Vulnerabilities
VU#623332 describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth() [VU# 623332].
Search for other vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | |
| SEI CERT C Coding Standard | MEM30-C. Do not access freed memory |
| MITRE CWE |
Bibliography
| [ISO/IEC 14882-2014] | Subclause 3.7.4.1, "Allocation Functions" Subclause 3.7.4.2, "Deallocation Functions" |
| [Seacord 2013b] | Chapter 4, "Dynamic Memory Management" |
...
...