...
The mismanagement of memory can lead to freeing memory multiple times or writing to already freed memory. Both of these coding errors can result in an attacker executing arbitrary code with the permissions of the vulnerable process. Memory management errors can also lead to resource depletion and denial-of-service attacks.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MEM00-C | High | Probable | Medium | P12 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| ALLOC.DF | Double free | ||||||
| Compass/ROSE |
Could detect possible violations by reporting any function that has | ||||||||
| Coverity | 6.5 | RESOURCE_LEAK | Fully implemented | |||||
| Klocwork |
| FREE.INCONSISTENT |
| LDRA tool suite |
| 50 D | Partially implemented | ||||||
| Parasoft C/C++test |
|
|
|
| MRM-18, |
| MRM-19, |
| MRM-20 | Fully implemented |
| Parasoft Insure++ |
| Runtime analysis will detect all leaks | |||
| Polyspace Bug Finder | R2016a | Pointer deallocation without a corresponding dynamic allocation Memory freed more than once without allocation Memory accessed after deallocation |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | VOID MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction |
| ISO/IEC TR 24772:2013 | Memory Leak [XYL] |
| MITRE CWE | CWE-415, Double free CWE-416, Use after free |
Bibliography
...
...