...
| Code Block | ||
|---|---|---|
| ||
x = malloc (number * sizeof(int));
if (x == NULL) {
/* Handle Allocation Error */
}
/* ... */
if (error_conditon == 1) {
/* Handle Error Condition*/
}
/* ... */
free(x);
|
...
Risk Assessment
Freeing memory multiple times can result in an attacker executing arbitrary code with the permissions of the vulnerable process.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level | |
|---|---|---|---|---|---|---|
MEM31-C | ||||||
Component | Value | |||||
Severity | 3 (high) | Likelihood | 2 (probable) Remediation cost | 1 (high) | P6 | L2 |
References
- VU#623332 http://www.kb.cert.org/vuls/id/623332
- MIT krb5 Security Advisory 2005-003 http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt
- OWASP, Double Free http://www.owasp.org/index.php/Double_Free
- Viega 05 Doubly freeing memory