CWE-825: Expired Pointer Dereference

ID CWE-825

Abstraction Base

Structure Simple

Status Incomplete

Number of CVEs 17

The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.

When a product releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the product to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer	Class	Simple	Stable
CWE-1305	CISQ Quality Measures (2020)	Incomplete	CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer	Class	Simple	Stable
CWE-1340	CISQ Data Protection Measures	Incomplete	CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer	Class	Simple	Stable
CWE-1000	Research Concepts	Draft	CWE-672	Operation on a Resource after Expiration or Release	Class	Simple	Draft
CWE-1000	Research Concepts	Draft	CWE-125	Out-of-bounds Read	Base	Simple	Draft
CWE-1000	Research Concepts	Draft	CWE-787	Out-of-bounds Write	Base	Simple	Draft

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date