The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.

What CVEs are caused by CWE-762?

11 recorded CVEs are attributed to CWE-762, including CVE-2025-49080, CVE-2024-32503, CVE-2023-41056.

How do you prevent CWE-762?

Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().

How is CWE-762 detected?

Automated Dynamic Analysis: Use tools that are integrated during compilation to insert runtime error-checking mechanisms related to memory safety errors, such as AddressSanitizer (ASan) for C/C++ [REF-1518] or valgrind [REF-480].

What are the consequences of CWE-762?

Exploiting CWE-762 can lead to: Modify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands.

Is CWE-762 actively exploited?

11 recorded CVEs are caused by CWE-762; none are currently in CISA's KEV catalog of actively exploited flaws.

CWE-762: Mismatched Memory Management Routines

CVE-2023-41056

Redis vulnerable to integer overflow in certain payloads

CWE-762: Mismatched Memory Management Routines

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.

Vulnerable example

cpp

void foo(){

Safe example

cpp

void foo(){

Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator.

In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.

Vulnerable example

cpp

class A {

In this example, the program calls the delete[] function on non-heap memory.

Vulnerable example

cpp

class A{

CWE-762: Mismatched Memory Management Routines

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Dynamic Analysis

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-762?

What CVEs are caused by CWE-762?

How do you prevent CWE-762?

How is CWE-762 detected?

What are the consequences of CWE-762?

Is CWE-762 actively exploited?

References

Stay ahead of CWE-762

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Dynamic Analysis

Code examples

Related weaknesses

Parent

Child

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-762?

What CVEs are caused by CWE-762?

How do you prevent CWE-762?

How is CWE-762 detected?

What are the consequences of CWE-762?

Is CWE-762 actively exploited?

References

Stay ahead of CWE-762