CWE-762
Mismatched Memory Management Routines
Extended description
This weakness can be generally described as mismatching memory management routines, such as: The memory was allocated on the stack (automatically), but it was deallocated using the memory management routine free() (CWE-590), which is intended for explicitly allocated heap memory. The memory was allocated explicitly using one set of memory management functions, and deallocated using a different set. For example, memory might be allocated with malloc() in C++ instead of the new operator, and then deallocated with the delete operator. When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed.
Common consequences1
- IntegrityAvailabilityConfidentialityModify MemoryDoS: Crash, Exit, or RestartExecute Unauthorized Code or Commands
Potential mitigations4
- Implementation
Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
- Implementation
Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
- Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, glibc in Linux provides protection against free of invalid pointers.
- Architecture and Design
Use a language that provides abstractions for memory allocation and deallocation.
CVEs referencing this CWE12
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2023-41056 | Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. | HIGH8.1 | 2.58%p83 | 2025-06-17 | |
| CVE-2024-2955 | T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file | HIGH7.5 | 1.41%p69 | 2026-04-08 | |
| CVE-2025-48431 | Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an c_glib-based Thrift server with a clean but fatal "free(): invalid pointer" error message. | HIGH7.5 | 0.66%p47 | 2026-04-28 | |
| CVE-2023-45510 | tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error. | HIGH7.5 | 0.59%p44 | 2024-11-21 | |
| CVE-2025-47737 | lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero. | CRITICAL9.8 | 0.46%p37 | 2026-06-09 | |
| CVE-2024-4853 | Memory handling issue in editcap could cause denial of service via crafted capture file | MEDIUM5.5 | 0.42%p33 | 2026-03-27 | |
| CVE-2025-49080 | There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack complexity is low, there are no attack requirements, privileges, or user interaction required. Loss of availability is high; there is no impact on confidentiality or integrity. | HIGH7.5 | 0.32%p23 | 2025-06-23 | |
| CVE-2025-48755 | In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type). | CRITICAL9.8 | 0.30%p21 | 2026-01-30 | |
| CVE-2023-3648 | Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file | MEDIUM5.5 | 0.23%p14 | 2025-11-03 | |
| CVE-2025-20189 | A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper memory management when Cisco IOS XE Software is processing Address Resolution Protocol (ARP) messages. An attacker could exploit this vulnerability by sending crafted ARP messages at a high rate over a period of time to an affected device. A successful exploit could allow the attacker to exhaust system resources, which eventually triggers a reload of the active route switch processor (RSP). If a redundant RSP is not present, the router reloads. | HIGH7.4 | 0.20%p10 | 2025-08-05 | |
| CVE-2024-32503 | An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper memory deallocation checking, which can result in a UAF (Use-After-Free) vulnerability. | HIGH7.8 | 0.20%p10 | 2025-02-13 | |
| CVE-2025-11015 | A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. | MEDIUM5.3 | 0.13%p3 | 2026-04-29 |