Dangling pointer
==Security holes involving dangling pointers==
{{Anchor|use after free}}
Like [[buffer overflow|buffer-overflow]] bugs, dangling/wild pointer bugs frequently become security holes. For example, if the pointer is used to make a [[virtual function]] call, a different address (possibly pointing at exploit code) may be called due to the [[vtable]] pointer being overwritten. Alternatively, if the pointer is used for writing to memory, some other data structure may be corrupted. Even if the memory is only read once the pointer becomes dangling, it can lead to information leaks (if interesting data is put in the next structure allocated there) or to [[privilege escalation]] (if the now-invalid memory is used in security checks).

When a dangling pointer is used after the memory it points to has been freed, without a new chunk of memory being allocated to it, the bug is known as a "use after free" vulnerability.<ref>{{cite web |url=https://cwe.mitre.org/data/definitions/416.html |title=CWE-416: Use After Free |first1=Eric |last1=Dalci |author2=anonymous author |author3=CWE Content Team |date=May 11, 2012 |website=Common Weakness Enumeration |publisher=[[Mitre Corporation]] |access-date=April 28, 2014}}</ref> For example, {{CVE|2014-1776}} is a use-after-free vulnerability in Microsoft Internet Explorer 6 through 11<ref>{{cite web|url=https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776|title=CVE-2014-1776|website=Common Vulnerabilities and Exposures (CVE)|date=2014-01-29|access-date=2017-05-16|archive-url=https://web.archive.org/web/20170430095220/http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776|archive-date=2017-04-30|url-status=dead}}</ref> that was used in [[zero-day attack]]s by an [[advanced persistent threat]].<ref>{{cite web |url=http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html |title=New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks |last1=Chen |first1=Xiaobo |last2=Caselden |first2=Dan |last3=Scott |first3=Mike |date=April 26, 2014 |website=FireEye Blog |publisher=[[FireEye]] |access-date=April 28, 2014}}</ref>
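
The following is an added illustration, not part of the original article or of any cited source. It models the security-check case described above: a stale reference to a freed and reused slot reports another object's privileges, while a generation-checked handle rejects the stale reference. All names (<code>session</code>, <code>handle</code>, <code>lookup_raw</code>, <code>lookup_checked</code>, <code>stale_privilege_check</code>) are hypothetical, and a fixed pool is assumed in place of a real heap.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a fixed pool stands in for the heap (no real UB). */
#define SLOTS 4
struct session { int is_admin; char user[16]; };
struct handle  { uint32_t idx, gen; };   /* slot + generation it was issued in */
static struct { struct session obj; uint32_t gen; int live; } pool[SLOTS];

static int is_current(struct handle h) {
    return h.idx < SLOTS && pool[h.idx].live && pool[h.idx].gen == h.gen;
}
static struct handle session_new(const char *user, int is_admin) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (pool[i].live) continue;
        pool[i].live = 1;
        pool[i].obj.is_admin = is_admin;
        snprintf(pool[i].obj.user, sizeof pool[i].obj.user, "%s", user);
        return (struct handle){ i, pool[i].gen };
    }
    return (struct handle){ SLOTS, 0 };  /* pool exhausted: never current */
}
static void session_free(struct handle h) {
    if (!is_current(h)) return;          /* stale handle: no double free */
    pool[h.idx].live = 0;
    pool[h.idx].gen++;                   /* every older handle is now stale */
}
/* Unchecked lookup: behaves like dereferencing a raw dangling pointer. */
static struct session *lookup_raw(struct handle h) {
    return h.idx < SLOTS ? &pool[h.idx].obj : NULL;
}
/* Checked lookup: a stale handle is rejected instead of aliasing new data. */
static struct session *lookup_checked(struct handle h) {
    return is_current(h) ? &pool[h.idx].obj : NULL;
}
/* A guest session is freed, its slot is reused by an admin session, then the
   stale guest handle is used in a privilege check. Returns -1 if rejected. */
static int stale_privilege_check(int checked) {
    struct handle guest = session_new("guest", 0);
    session_free(guest);
    struct handle admin = session_new("root", 1);   /* reuses guest's slot */
    struct session *s = checked ? lookup_checked(guest) : lookup_raw(guest);
    int result = s ? s->is_admin : -1;
    session_free(admin);
    return result;
}
int main(void) {
    printf("raw=%d checked=%d\n", stale_privilege_check(0), stale_privilege_check(1));
    return 0;
}
```

With the unchecked lookup, the freed guest reference reads the admin session that now occupies the slot; with the generation check, the same reference is reported as invalid.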