CWE-763
AllowedRelease of Invalid Pointer or Reference
Abstraction: Base · Status: Incomplete
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
109 vulnerabilities reference this CWE, most recent first.
GHSA-7M2C-J2FG-JH79
Vulnerability from github – Published: 2025-11-04 18:31 – Updated: 2025-11-04 21:31An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.
{
"affected": [],
"aliases": [
"CVE-2025-54333"
],
"database_specific": {
"cwe_ids": [
"CWE-763"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-04T18:16:45Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.",
"id": "GHSA-7m2c-j2fg-jh79",
"modified": "2025-11-04T21:31:34Z",
"published": "2025-11-04T18:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54333"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54333"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-7MV5-5MXH-QG88
Vulnerability from github – Published: 2024-08-30 18:45 – Updated: 2024-08-30 18:45Impact
Decoding a specifically formed message can cause invalid free() or realloc() calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed.
Patches
Preliminary patch is available on git for 0.4.x and 0.3.x branches. The fix will be released in versions 0.3.9.8 and 0.4.5 once testing has been completed.
Workarounds
Following workarounds are available:
* Set the option no_unions for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code.
* Set the type of all fields inside the oneof to FT_POINTER. This ensures that the data contained inside the union is always a valid pointer.
* Heap implementations that guard against invalid free() provide a partial mitigation. Depending on the message type, the pointer value may be attacker controlled and can be used to bypass heap protections.
References
Bug report: https://github.com/nanopb/nanopb/issues/647
For more information
If you have any questions or comments about this advisory, comment on the bug report linked above.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "nanopb"
},
"ranges": [
{
"events": [
{
"introduced": "0.3.2"
},
{
"fixed": "0.3.9.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "nanopb"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.0"
},
{
"fixed": "0.4.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21401"
],
"database_specific": {
"cwe_ids": [
"CWE-763"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-30T18:45:41Z",
"nvd_published_at": "2021-03-23T18:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nDecoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed.\n\n### Patches\nPreliminary patch is available on git for [0.4.x](https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261) and [0.3.x](https://github.com/nanopb/nanopb/commit/4a375a560651a86726e5283be85a9231fd0efe9c) branches. The fix will be released in versions 0.3.9.8 and 0.4.5 once testing has been completed.\n\n### Workarounds\nFollowing workarounds are available:\n* Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code.\n* Set the type of all fields inside the oneof to `FT_POINTER`. This ensures that the data contained inside the `union` is always a valid pointer.\n* Heap implementations that guard against invalid `free()` provide a partial mitigation. Depending on the message type, the pointer value may be attacker controlled and can be used to bypass heap protections.\n\n### References\nBug report: https://github.com/nanopb/nanopb/issues/647\n\n### For more information\nIf you have any questions or comments about this advisory, comment on the bug report linked above.",
"id": "GHSA-7mv5-5mxh-qg88",
"modified": "2024-08-30T18:45:41Z",
"published": "2024-08-30T18:45:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nanopb/nanopb/security/advisories/GHSA-7mv5-5mxh-qg88"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21401"
},
{
"type": "WEB",
"url": "https://github.com/nanopb/nanopb/issues/647"
},
{
"type": "WEB",
"url": "https://github.com/nanopb/nanopb/commit/4a375a560651a86726e5283be85a9231fd0efe9c"
},
{
"type": "WEB",
"url": "https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261"
},
{
"type": "PACKAGE",
"url": "https://github.com/nanopb/nanopb"
},
{
"type": "WEB",
"url": "https://github.com/nanopb/nanopb/blob/c9124132a604047d0ef97a09c0e99cd9bed2c818/CHANGELOG.txt#L1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/nanopb/PYSEC-2021-432.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "nanopb vulnerable to invalid free() call with oneofs and PB_ENABLE_MALLOC"
}
GHSA-7PXJ-W55V-HWP4
Vulnerability from github – Published: 2024-05-15 15:30 – Updated: 2024-07-03 18:41A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.
{
"affected": [],
"aliases": [
"CVE-2024-25079"
],
"database_specific": {
"cwe_ids": [
"CWE-763",
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-15T15:15:07Z",
"severity": "HIGH"
},
"details": "A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.",
"id": "GHSA-7pxj-w55v-hwp4",
"modified": "2024-07-03T18:41:56Z",
"published": "2024-05-15T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25079"
},
{
"type": "WEB",
"url": "https://www.insyde.com/security-pledge"
},
{
"type": "WEB",
"url": "https://www.insyde.com/security-pledge/SA-2024001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-82F5-GHC6-RJ5C
Vulnerability from github – Published: 2023-07-06 21:15 – Updated: 2024-04-04 05:46Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47
{
"affected": [],
"aliases": [
"CVE-2023-0459"
],
"database_specific": {
"cwe_ids": [
"CWE-763"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-25T14:15:09Z",
"severity": "MODERATE"
},
"details": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit\u00a074e19ef0ff8061ef55957c3abd71614ef0f42f47",
"id": "GHSA-82f5-ghc6-rj5c",
"modified": "2024-04-04T05:46:54Z",
"published": "2023-07-06T21:15:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0459"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-89MG-6P9G-4JFJ
Vulnerability from github – Published: 2023-03-19 03:30 – Updated: 2024-08-22 21:31In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.
{
"affected": [],
"aliases": [
"CVE-2022-48425"
],
"database_specific": {
"cwe_ids": [
"CWE-763"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-19T03:15:00Z",
"severity": "HIGH"
},
"details": "In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.",
"id": "GHSA-89mg-6p9g-4jfj",
"modified": "2024-08-22T21:31:27Z",
"published": "2023-03-19T03:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48425"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=467333af2f7b95eeaa61a5b5369a80063cd971fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/fs/ntfs3?id=467333af2f7b95eeaa61a5b5369a80063cd971fd"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230413-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8CGH-48G2-RJ4J
Vulnerability from github – Published: 2026-01-16 00:30 – Updated: 2026-01-16 00:30Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.
{
"affected": [],
"aliases": [
"CVE-2025-14233"
],
"database_specific": {
"cwe_ids": [
"CWE-763"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-16T00:16:27Z",
"severity": "CRITICAL"
},
"details": "Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.",
"id": "GHSA-8cgh-48g2-rj4j",
"modified": "2026-01-16T00:30:55Z",
"published": "2026-01-16T00:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14233"
},
{
"type": "WEB",
"url": "https://canon.jp/support/support-info/260115vulnerability-response"
},
{
"type": "WEB",
"url": "https://psirt.canon/advisory-information/cp2026-001"
},
{
"type": "WEB",
"url": "https://www.canon-europe.com/support/product-security"
},
{
"type": "WEB",
"url": "https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printers"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-8MP8-J92P-F4Q7
Vulnerability from github – Published: 2023-04-24 06:31 – Updated: 2024-03-25 03:31An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel.
{
"affected": [],
"aliases": [
"CVE-2023-31082"
],
"database_specific": {
"cwe_ids": [
"CWE-763"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-24T06:15:07Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel.",
"id": "GHSA-8mp8-j92p-f4q7",
"modified": "2024-03-25T03:31:43Z",
"published": "2023-04-24T06:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31082"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1210781"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230929-0003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8VJX-3VGX-66MX
Vulnerability from github – Published: 2023-01-11 15:30 – Updated: 2023-01-19 15:30There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above
{
"affected": [],
"aliases": [
"CVE-2022-4696"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-763"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-11T13:15:00Z",
"severity": "HIGH"
},
"details": "There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won\u0027t use current-\u003ensproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current-\u003ensproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above",
"id": "GHSA-8vjx-3vgx-66mx",
"modified": "2023-01-19T15:30:31Z",
"published": "2023-01-11T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4696"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=75454b4bbfc7e6a4dd8338556f36ea9107ddf61a"
},
{
"type": "WEB",
"url": "https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8W89-3RVR-HM3W
Vulnerability from github – Published: 2022-05-01 18:22 – Updated: 2025-04-09 03:45Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."
{
"affected": [],
"aliases": [
"CVE-2007-4367"
],
"database_specific": {
"cwe_ids": [
"CWE-763"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-08-15T23:17:00Z",
"severity": "HIGH"
},
"details": "Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a \"virtual function call on an invalid pointer.\"",
"id": "GHSA-8w89-3rvr-hm3w",
"modified": "2025-04-09T03:45:12Z",
"published": "2022-05-01T18:22:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4367"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36039"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00006.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/26477"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/26545"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/26635"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200708-17.xml"
},
{
"type": "WEB",
"url": "http://www.opera.com/support/search/view/865"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/25331"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1018572"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/2904"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-957W-PHR7-H5MC
Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.
{
"affected": [],
"aliases": [
"CVE-2017-0731"
],
"database_specific": {
"cwe_ids": [
"CWE-763"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-09T21:29:00Z",
"severity": "HIGH"
},
"details": "A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.",
"id": "GHSA-957w-phr7-h5mc",
"modified": "2022-05-13T01:40:34Z",
"published": "2022-05-13T01:40:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0731"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-08-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100204"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
Mitigation
When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.
Mitigation MIT-4.6
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, glibc in Linux provides protection against free of invalid pointers.
Mitigation
Use a language that provides abstractions for memory allocation and deallocation.
No CAPEC attack patterns related to this CWE.