CWE-762
Mismatched Memory Management Routines
Low
Incomplete
2009-05-27
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Name: Mismatched Memory Management Routines
The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.
General Informations
Modes Of Introduction
ImplementationApplicable Platforms
Language
Class: Memory-Unsafe (Often)Name: C (Undetermined)
Name: C++ (Undetermined)
Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Integrity Availability Confidentiality | Modify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands |
Potential Mitigations
Phases : ImplementationOnly call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
Phases : Implementation
Phases : Architecture and Design
Phases : Architecture and Design
Use a language that provides abstractions for memory allocation and deallocation.
Detection Methods
Dynamic Analysis with Automated Results Interpretation
Use a tool that dynamically detects memory management problems, such as valgrind.Automated Dynamic Analysis
Use tools that are integrated during compilation to insert runtime error-checking mechanisms related to memory safety errors, such as AddressSanitizer (ASan) for C/C++ [REF-1518].Effectiveness : Moderate
Vulnerability Mapping Notes
Justification : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Notes
References
REF-657
boost C++ Library Smart Pointershttps://www.boost.org/doc/libs/1_38_0/libs/smart_ptr/smart_ptr.htm
REF-480
Valgrindhttps://valgrind.org/
REF-391
Transitioning to ARC Release NotesiOS Developer Library.
https://developer.apple.com/library/archive/releasenotes/ObjectiveC/RN-TransitioningToARC/Introduction/Introduction.html
REF-1518
AddressSanitizerhttps://clang.llvm.org/docs/AddressSanitizer.html
Submission
| Name | Organization | Date | Date release | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 1.4 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Applicable_Platforms, Likelihood_of_Exploit | |
| CWE Content Team | MITRE | updated Description, Potential_Mitigations | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Potential_Mitigations, References | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Applicable_Platforms, References, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Functional_Areas, References | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Weakness_Ordinalities |
