...
| Code Block |
|---|
int main(int argc, char *argv[]) {
char *buff;
buff = (char *) malloc(BUFSIZE);
if (!buff) {
/* handle error condition */
}
...
strncpy(buff, argv[1], BUFSIZE-1);
...
free(buff);
}
|
...
Priority: P18 Level: L18
Reading memory that has already been freed can lead to abnormal program termination and denial-of-service attacks. Writing memory that has already been freed can lead to the execution of arbitrary code with the permissions of the vulnerable process.
Component | Value |
|---|---|
Severity | 3 (high) |
Likelihood | 3 (likely) |
Remediation cost | 2 (medium) |
References
- ISO/IEC 9899-1999 Section 7.20.3.2, The free function
- Seacord 05 Chapter 4, Dynamic Memory Management
- Kerrighan 88 Section 7.8.5, Storage Management
- OWASP, Using freed memory http://www.owasp.org/index.php/Using_freed_memory