logo

CWE-416 - Use After Free

CWE-416 High

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Stable
Weakness Name

Use After Free

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Common Consequences

Scope: Integrity

Impact: Modify Memory

Notes: The use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere.

Scope: Availability

Impact: DoS: Crash, Exit, or Restart

Notes: If chunk consolidation occurs after the use of previously freed data, the process may crash when invalid data is used as chunk information.

Scope: Integrity, Confidentiality, Availability

Impact: Execute Unauthorized Code or Commands

Notes: If malicious data is entered before chunk consolidation can take place, it may be possible to take advantage of a write-what-where primitive to execute arbitrary code. If the newly allocated data happens to hold a class, in C++ for example, various function pointers may be scattered within the heap data. If one of these function pointers is overwritten with an address to valid shellcode, execution of arbitrary code can be achieved.

Related Weaknesses

CWE-123Write-what-where ConditionHigh

CWE-672Operation on a Resource after Expiration or Release

CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')High

CWE-825Expired Pointer Dereference

  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2024-07-16

Free security scan for your website