CWE-763 (Release of Invalid Pointer or Reference) — Vulnerability Class 21

21 vulnerabilities classified as CWE-763 (Release of Invalid Pointer or Reference). AI Chinese analysis included.

CWE-763 represents a critical memory management weakness where software attempts to return a resource to the system using an incorrect or improperly invoked release function. This error typically arises when memory allocated via one method is deallocated using a non-compatible function, such as mixing C++ new with C free, or when the release function is called with invalid arguments. Attackers exploit this vulnerability to trigger undefined behavior, potentially leading to application crashes, data corruption, or arbitrary code execution by manipulating the heap’s internal state. Developers prevent this by strictly adhering to consistent memory management paradigms, ensuring that every allocation has a corresponding, compatible deallocation call. Utilizing automated static analysis tools and rigorous code reviews further helps identify mismatched pointer references before deployment, thereby maintaining system integrity and preventing exploitation of these subtle but dangerous logical errors.

MITRE CWE Description
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly. This weakness can take several forms, such as:
- The memory was allocated, explicitly or implicitly, via one memory management method and deallocated using a different, non-compatible function (CWE-762).
- The function calls or memory management routines chosen are appropriate, however they are used incorrectly, such as in CWE-761.
Common Consequences (1)
Scope: Integrity, Availability, Confidentiality
Impact: Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands
This weakness may result in the corruption of memory, and perhaps instructions, possibly leading to a crash. If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code.
Mitigations (4)
Implementation: Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
Implementation: When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.
Architecture and Design: Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, glibc in Linux provides protection against free of invalid pointers.
Architecture and Design: Use a language that provides abstractions for memory allocation and deallocation.
Examples (2)
This code attempts to tokenize a string and place it into an array using the strsep function, which inserts a \0 byte in place of whitespace or a tab character. After finishing the loop, each string in the AP array points to a location within the input string.
    char **ap, *argv[10], *inputstring;
    for (ap = argv; (*ap = strsep(&inputstring, " \t")) != NULL;)
        if (**ap != '\0')
            if (++ap >= &argv[10])
                break;

    /* ... */
    /* BAD: strsep() allocates nothing, so this is not a pointer returned by an allocator */
    free(ap[4]);
Bad · C
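A corrected counterpart to the strsep example, added here and not part of the MITRE entry or this page's original code: it keeps the allocator's pointer separate from the cursor that strsep() advances, and frees only that pointer. The names tokenize, interior_tokens, demo and MAX_TOKENS are hypothetical, the sample string is constructed, and a glibc/BSD strsep() is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE              /* exposes strsep()/strdup() on glibc */
#endif
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TOKENS 10

/* Tokenize a private copy of input; returns the token count or -1 on OOM.
 * *base_out is the only allocation; tokens[i] point inside it (never free them). */
static int tokenize(const char *input, char *tokens[MAX_TOKENS], char **base_out)
{
    char *base = strdup(input);      /* the one pointer free() may receive */
    if (base == NULL)
        return -1;
    char *cursor = base, *tok;       /* strsep() moves cursor and leaves it NULL */
    int n = 0;
    while (n < MAX_TOKENS && (tok = strsep(&cursor, " \t")) != NULL)
        if (*tok != '\0')            /* skip empty fields between separators */
            tokens[n++] = tok;
    *base_out = base;
    return n;
}

/* Count tokens lying inside [base, base + len), i.e. interior pointers. */
static int interior_tokens(char *const tokens[], int n, const char *base, size_t len)
{
    int inside = 0;
    for (int i = 0; i < n; i++) {
        uintptr_t p = (uintptr_t)tokens[i], b = (uintptr_t)base;
        inside += (p >= b && p < b + len);
    }
    return inside;
}

/* Constructed sample input. Returns 1 when all five tokens are interior. */
static int demo(void)
{
    const char *sample = "alpha beta\tgamma  delta epsilon";
    char *tokens[MAX_TOKENS], *base = NULL;
    int n = tokenize(sample, tokens, &base);
    int ok = n == 5 && interior_tokens(tokens, n, base, strlen(sample) + 1) == n
             && strcmp(tokens[4], "epsilon") == 0;
    free(base);                      /* correct: free the original pointer, once */
    return ok;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```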
This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.
    void foo(){
        BarObj *ptr = new BarObj();
        /* do some work with ptr here */
        ...
        free(ptr);  /* BAD: ptr came from new, not malloc() */
    }
Bad · C++
    void foo(){
        BarObj *ptr = new BarObj();
        /* do some work with ptr here */
        ...
        delete ptr;  /* matches the new above */
    }
Good · C++
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-65116 | Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM — JP1/IT Desktop Management 2 - Manager | 5.5 | Medium | 2026-04-07 |
| CVE-2018-25243 | FastTube 1.0.1.0 Denial of Service via Search — FastTube | 6.2 | Medium | 2026-04-04 |
| CVE-2026-22770 | ImageMagick vulnerable to Release of Invalid Pointer in BilateralBlur when memory allocation fails — ImageMagick | 6.5 | Medium | 2026-01-20 |
| CVE-2025-14233 | Canon multiple products security vulnerability — Satera LBP670C Series | 9.8 | Critical | 2026-01-15 |
| CVE-2025-48768 | Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal — Apache NuttX RTOS | 9.1 | - | 2026-01-01 |
| CVE-2025-13824 | Micro820®, Micro850®, Micro870® – Specialized Fuzzing Vulnerabilities — Micro820®, Micro850®, Micro870® | 7.5 (AI) | High (AI) | 2025-12-15 |
| CVE-2025-11838 | WatchGuard Firebox iked Memory Corruption Vulnerability — Fireware OS | 7.5 (AI) | High (AI) | 2025-12-04 |
| CVE-2025-47329 | Release of Invalid Pointer or Reference in Android Core — Snapdragon | 7.8 | High | 2025-09-24 |
| CVE-2025-25215 | Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability — BCM5820X | 8.8 | High | 2025-06-13 |
| CVE-2025-30379 | Microsoft Excel Remote Code Execution Vulnerability — Microsoft 365 Apps for Enterprise | 7.8 | High | 2025-05-13 |
| CVE-2023-4883 | Multiple vulnerabilities in Open5GS — Open5GS | 7.5 | High | 2023-10-03 |
| CVE-2023-0459 | Copy_from_user Spectre-V1 Gadget in Linux Kernel — Linux Kernel | 6.5 | Medium | 2023-05-25 |
| CVE-2022-4696 | Linux kernel resource management error vulnerability — Linux Kernel | 7.8 | High | 2023-01-11 |
| CVE-2022-41691 | BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691 — BIG-IP Advanced WAF & ASM | 7.5 | High | 2022-10-19 |
| CVE-2022-2521 | LibTIFF security vulnerability — libtiff | 6.5 | - | 2022-08-31 |
| CVE-2021-3682 | QEMU security vulnerability — QEMU | 8.0 | - | 2021-08-05 |
| CVE-2021-22760 | IGSS Definition security vulnerability — IGSS Definition (Def.exe) V15.0.0.21140 and prior | 7.8 | - | 2021-06-11 |
| CVE-2021-24028 | Facebook Thrift security vulnerability — Facebook Thrift | 9.8 | - | 2021-04-13 |
| CVE-2021-21401 | Invalid free() call in Nanopb — nanopb | 7.1 | High | 2021-03-23 |
| CVE-2020-5139 | SonicWall SonicOS SSLVPN NACagent security vulnerability — SonicOS | 7.5 | - | 2020-10-12 |
| CVE-2019-11930 | Facebook HHVM input validation error vulnerability — HHVM | 9.8 | - | 2019-12-04 |

Vulnerabilities classified as CWE-763 (Release of Invalid Pointer or Reference) represent 21 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.