CWE-825: Expired Pointer Dereference

BaseIncomplete

The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.

View on MITRE

Back to CWE Lookup

Extended Description

When a product releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the product to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.

Technical Details

Structure: Simple

Applicable To

Languages

CC++

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-825

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references