目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CWE-762 不匹配的内存管理例程 类漏洞列表 9

CWE-762 不匹配的内存管理例程 类弱点 9 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-762指内存管理例程不匹配漏洞,即释放内存时调用的函数与分配时所用的函数不一致。攻击者可利用此缺陷导致程序崩溃、数据损坏或执行任意代码,从而破坏系统完整性。开发者应严格遵循内存管理规范,确保使用malloc/new分配的内存由free/delete释放,避免混用栈内存与堆内存管理例程,并加强代码审查以消除此类错误。

MITRE CWE 官方描述
CWE:CWE-762 内存管理例程不匹配 英文:产品试图将内存资源返回给系统,但调用的释放函数与最初用于分配该资源的函数不兼容。 这种弱点通常可以描述为内存管理例程的不匹配,例如:内存是在栈上分配的(自动分配),但使用内存管理例程 free() (CWE-590) 进行释放,而该例程是用于显式分配的堆内存。内存是使用一组内存管理函数显式分配的,但使用另一组不同的函数进行释放。例如,在 C++ 中,内存可能使用 malloc() 而不是 new 运算符进行分配,然后使用 delete 运算符进行释放。当内存管理函数不匹配时,后果可能严重到导致代码执行、内存损坏或程序崩溃。后果和利用的难易程度将取决于例程的实现和被管理的对象。
常见影响 (1)
Integrity, Availability, ConfidentialityModify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands
缓解措施 (4)
ImplementationOnly call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
ImplementationChoose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer…
Architecture and DesignUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, glibc in Linux provides protection against free of invalid pointers.
Architecture and DesignUse a language that provides abstractions for memory allocation and deallocation.
代码示例 (2)
This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.
void foo(){ BarObj *ptr = new BarObj() /* do some work with ptr here */ ... free(ptr); }
Bad · C++
void foo(){ BarObj *ptr = new BarObj() /* do some work with ptr here */ ... delete ptr; }
Good · C++
In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.
class A { void foo(); }; void A::foo(){ int *ptr; ptr = (int*)malloc(sizeof(int)); delete ptr; }
Bad · C++
CVE ID标题CVSS风险等级Published
CVE-2025-48431 Apache Thrift 安全漏洞 — Apache Thrift 7.5AIHighAI2026-04-28
CVE-2025-11015 ogre 安全漏洞 — Ogre 5.3 Medium2025-09-26
CVE-2025-48755 Rust 安全漏洞 — sdk 2.9 Low2025-05-24
CVE-2025-47737 Trailer 安全漏洞 — trailer 2.9 Low2025-05-09
CVE-2025-20189 Cisco IOS XE 安全漏洞 — Cisco IOS XE Software 7.4 High2025-05-07
CVE-2024-4853 Wireshark 安全漏洞 — editcap 3.6 Low2024-05-14
CVE-2024-2955 Wireshark 安全漏洞 — Wireshark 7.8 High2024-03-26
CVE-2023-41056 redis 安全漏洞 — redis 8.1 High2024-01-10
CVE-2023-3648 Wireshark 安全漏洞 — Wireshark 5.3 Medium2023-07-14

CWE-762(不匹配的内存管理例程) 是常见的弱点类别,本平台收录该类弱点关联的 9 条 CVE 漏洞。