- What is CWE-763?
- The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
- What CVEs are caused by CWE-763?
- 38 recorded CVEs are attributed to CWE-763, including CVE-2026-52993, CVE-2026-22770, CVE-2024-44852.
- How do you prevent CWE-763?
- Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
- How is CWE-763 detected?
- Fuzzing: Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.
- What are the consequences of CWE-763?
- Exploiting CWE-763 can lead to: Modify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands.
- Is CWE-763 actively exploited?
- 38 recorded CVEs are caused by CWE-763; none are currently in CISA's KEV catalog of actively exploited flaws.