CVEbaza.plSłownik CWECWE-762
Common Weakness Enumeration

CWE-762

Mismatched Memory Management Routines

Kategoria: VariantCVE: 12
Opis

Produkt próbuje zwrócić zasób pamięci do systemu, ale wywołuje funkcję zwalniającą, która jest niezgodna z funkcją pierwotnie użytą do przydzielenia tego zasobu. Może to prowadzić do błędów pamięci i niestabilności aplikacji.

Description (EN)

The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.

Podatności CVE z CWE-762 (12)
8.7
CVSS
HIGH
CVE-2025-49080

There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack complexity is low, there are no attack requirements, privileges, or user interaction required. Loss of availability is high; there is no impact on confidentiality or integrity.

pub. 2025-06-12
8.4
CVSS
HIGH
CVE-2024-32503

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper memory deallocation checking, which can result in a UAF (Use-After-Free) vulnerability.

pub. 2024-06-07
8.1
CVSS
HIGH
CVE-2023-41056

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.

pub. 2024-01-10
7.8
CVSS
HIGH
CVE-2024-2955

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file

pub. 2024-03-26
7.5
CVSS
HIGH
CVE-2025-48431

Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an c_glib-based Thrift server with a clean but fatal "free(): invalid pointer" error message.

pub. 2026-04-28
7.5
CVSS
HIGH
CVE-2023-45510

tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error.

pub. 2023-10-12
7.4
CVSS
HIGH
CVE-2025-20189

A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper memory management when Cisco IOS XE Software is processing Address Resolution Protocol (ARP) messages. An attacker could exploit this vulnerability by sending crafted ARP messages at a high rate over a period of time to an affected device. A successful exploit could allow the attacker to exhaust system resources, which eventually triggers a reload of the active route switch processor (RSP). If a redundant RSP is not present, the router reloads.

pub. 2025-05-07
5.3
CVSS
MEDIUM
CVE-2023-3648

Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file

pub. 2023-07-14
3.6
CVSS
LOW
CVE-2024-4853

Memory handling issue in editcap could cause denial of service via crafted capture file

pub. 2024-05-14
2.9
CVSS
LOW
CVE-2025-48755

In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type).

pub. 2025-05-24
2.9
CVSS
LOW
CVE-2025-47737

lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.

pub. 2025-05-09
1.9
CVSS
LOW
CVE-2025-11015

W OGRECave Ogre do wersji 14.4.1 zidentyfikowano słabość w funkcji STBIImageCodec::encode w pliku /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. Podatność prowadzi do niezgodności w rutynach zarządzania pamięcią i wymaga lokalnego dostępu. Exploit został ujawniony publicznie.

pub. 2025-09-26
Informacje
ID: CWE-762
Typ: Variant
Podatności: 12
MITRE CWE ↗
← Słownik CWE