Base · Incomplete

CWE-763: Release of Invalid Pointer or Reference

Category: memory

Description

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

Common consequences· 1

  • Integrity / Availability / Confidentiality — Modify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands
    This weakness may result in the corruption of memory, and perhaps instructions, possibly leading to a crash. If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code.

Potential mitigations· 4

  • [Implementation] Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
  • [Implementation] When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.
  • [Architecture and Design]
  • [Architecture and Design] Use a language that provides abstractions for memory allocation and deallocation.
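
The first mitigation ("dispose of the original pointer with free()") is shown below as an added example; it is not part of the MITRE entry or of this page's source. The function names and sample inputs are constructed for illustration: the weak form advances the only pointer to the allocation before releasing it, and the corrected form walks a separate cursor and frees the address malloc() returned.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Weak form (CWE-763), kept for contrast and never called below: the only
 * pointer to the allocation is advanced, so free() is handed an address
 * that malloc() did not return whenever the input starts with whitespace. */
size_t trimmed_len_weak(const char *input)
{
    char *buf = malloc(strlen(input) + 1);
    if (buf == NULL)
        return 0;
    strcpy(buf, input);
    while (isspace((unsigned char)*buf))
        buf++;                 /* base address is lost here */
    size_t n = strlen(buf);
    free(buf);                 /* invalid release once buf has moved */
    return n;
}

/* Corrected form: keep the pointer malloc() returned, walk a separate
 * cursor, and release the original pointer with the matching free(). */
size_t trimmed_len(const char *input)
{
    char *base = malloc(strlen(input) + 1);
    if (base == NULL)
        return 0;
    strcpy(base, input);
    const char *cur = base;
    while (isspace((unsigned char)*cur))
        cur++;
    size_t n = strlen(cur);
    free(base);                /* same address malloc() handed out */
    return n;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "   token", "token", "\t \n", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%zu\n", trimmed_len(samples[i]));
    return 0;
}
```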

References

  1. https://cwe.mitre.org/data/definitions/763.html

(incoming) · 3

Type           Target          Confidence  Tier
Vulnerability  CVE-2025-14233  0%          live
Vulnerability  CVE-2025-25215  0%          live
Vulnerability  CVE-2026-22770  0%          live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Mismatched Memory Management Routines
  • CWE: Multiple Releases of Same Resource or Handle
  • CWE: Free of Pointer not at Start of Buffer
  • CWE: Expired Pointer Dereference
  • CWE: NULL Pointer Dereference
  • CWE: Access of Resource Using Incompatible Type ('Type Confusion')

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.