Category: SFP Secondary Cluster: Faulty Memory Release
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Faulty Memory Release cluster (SFP12).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-415 | Double Free | The product calls free() twice on the same memory address. |
| CWE-590 | Free of Memory not on the Heap | The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc(). |
| CWE-761 | Free of Pointer not at Start of Buffer | The product calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer. |
| CWE-763 | Release of Invalid Pointer or Reference | The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.