UAF

Jan 1, 0001

Definition

UAF, or Use-After-Free, is a type of vulnerability that occurs when a program continues to use a pointer after it has been freed. This can lead to undefined behavior, including crashes, data corruption, or even arbitrary code execution. UAF vulnerabilities are typically found in languages that allow manual memory management, such as C and C++, and can be exploited by attackers to gain control over a program’s execution flow.

Secure Settings Example

#include <stdlib.h>

void safeFunction() {
    int *ptr = (int *)malloc(sizeof(int));
    if (ptr != NULL) {
        *ptr = 42;
        // Use the pointer safely
        free(ptr);
        ptr = NULL; // Secure practice: Nullify the pointer after freeing
    }
}

Insecure Settings Example

#include <stdlib.h>

void unsafeFunction() {
    int *ptr = (int *)malloc(sizeof(int));
    if (ptr != NULL) {
        *ptr = 42;
        free(ptr);
        // Insecure practice: Using the pointer after it has been freed
        *ptr = 24; // Use-After-Free vulnerability
    }
}

UAF

Definition

Secure Settings Example

Insecure Settings Example

Ask AppSec: free security newsletter

Ask AppSec: free security newsletter