CWE-401 在移除最后引用时对内存的释放不恰当(内存泄露)

admin 2022年1月5日20:59:08CWE(弱点枚举)评论24 views3928字阅读13分5秒阅读模式

CWE-401 在移除最后引用时对内存的释放不恰当(内存泄露)

Missing Release of Memory after Effective Lifetime

结构: Simple

Abstraction: Variant

状态: Draft

被利用可能性: Medium

基本描述

The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

扩展描述

This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 772 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 772 cwe_View_ID: 699 cwe_Ordinal: Primary

适用平台

Language: [{'cwe_Name': 'C', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Name': 'C++', 'cwe_Prevalence': 'Undetermined'}]

常见的影响

范围 影响 注释
Availability ['DoS: Crash, Exit, or Restart', 'DoS: Instability', 'DoS: Resource Consumption (CPU)', 'DoS: Resource Consumption (Memory)'] Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a low memory condition.
Other Reduce Performance

可能的缓解方案

MIT-41 Implementation

策略: Libraries or Frameworks

Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
For example, glibc in Linux provides protection against free of invalid pointers.
When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.

Architecture and Design

策略:

Use an abstraction library to abstract away risky APIs. Not a complete solution.

['Architecture and Design', 'Build and Compilation']

策略:

The Boehm-Demers-Weiser Garbage Collector or valgrind can be used to detect leaks in code.

示例代码

The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:

bad C

char getBlock(int fd) {

char buf = (char*) malloc(BLOCK_SIZE);
if (!buf) {

return NULL;

}
if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {


return NULL;

}
return buf;

}

分析过的案例

标识 说明 链接
CVE-2005-3119 Memory leak because function does not free() an element of a data structure. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3119
CVE-2004-0427 Memory leak when counter variable is not decremented. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0427
CVE-2002-0574 chain: reference count is not decremented, leading to memory leak in OS by sending ICMP packets. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0574
CVE-2005-3181 Kernel uses wrong function to release a data structure, preventing data from being properly tracked by other code. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3181
CVE-2004-0222 Memory leak via unknown manipulations as part of protocol test suite. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0222
CVE-2001-0136 Memory leak via a series of the same command. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0136

Notes

Relationship
This is often a resultant weakness due to improper handling of malformed data or early termination of sessions.
Terminology
"memory leak" has sometimes been used to describe other kinds of issues, e.g. for information leaks in which the contents of memory are inadvertently leaked (CVE-2003-0400 is one such example of this terminology conflict).

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Memory leak
7 Pernicious Kingdoms Memory Leak
CLASP Failure to deallocate data
OWASP Top Ten 2004 A9 CWE More Specific Denial of Service
CERT C Secure Coding MEM31-C Exact Free dynamically allocated memory when no longer needed
The CERT Oracle Secure Coding Standard for Java (2011) MSC04-J Do not leak memory
Software Fault Patterns SFP14 Failure to release resource
OMG ASCPEM ASCPEM-PRF-14

引用

文章来源于互联网:scap中文网

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年1月5日20:59:08
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  CWE-401 在移除最后引用时对内存的释放不恰当(内存泄露) http://cn-sec.com/archives/612867.html

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: