BF Specification of CVE-2013-4934

Missing direct initialization of the 'netmon->frame_table' pointer to NULL leads to a wild pointer, which, when used for explicit deallocation of its object on the heap, leads to a double free. If exploited, this can lead to denial of service (application crash).



MAD: The pointer to an object is initialized, repositioned, or reassigned to an improper memory address.
MMN: An object is allocated, deallocated, or resized improperly.
Initialize (pointer)
Deallocate: Release the allocated memory of an object.
Code Defect Bug: The operation has a bug, which is the first cause for the chain of weaknesses underlying a software security vulnerability. The bug must be fixed to resolve the vulnerability.
   Missing Code: The entire operation implementation or a part of its specification is absent.
Address Error/Fault: The object address in use is wrong.
   Wild Pointer: Points to an arbitrary address, because it has not been initialized or an erroneous allocation routine is used.
Memory Corruption/Disclosure Final Error: An exploitable or undefined system behavior caused by memory addressing, allocation, use, and deallocation bugs.
   Double Free: An attempt to deallocate a deallocated object or via an uninitialized pointer.
Operation Attribute: Definition
Mechanism: Shows how the buggy/faulty operation code is performed.
   Direct: The operation is performed on a particular object element.
   Explicit: The operation is performed by a function/method call.
Source Code: Shows where the buggy/faulty operation code is in the program -- in what kind of software.
   Codebase: The operation is in the programmer's code - in the application itself.
Execution Space: Shows where the buggy/faulty operation code is running or with what privilege level.
   Userland: The bugged code runs in an environment with privilege levels, but in unprivileged mode (e.g., ring 3 in x86 architecture).
Operand Attribute: Definition
Address State: Shows where the address is in the memory layout.
   Heap: The object is a dynamically allocated data structure (e.g., via malloc() and new).
Size Kind: Shows what the limit for traversal of the object is.
   Used: A supplied size for an object.
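
The chain specified above (Missing Code, then Wild Pointer, then Double Free) can be seen in a small C sketch. This is an added example, not the code from the affected project: the reader_state struct, the function names and the 0xA5 fill are constructed for illustration, and it assumes a cleanup path that runs before the frame table has been allocated.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a file reader's private state (hypothetical). */
typedef struct {
    uint32_t  frame_table_size;
    uint32_t *frame_table;      /* heap object owned by this state */
} reader_state;

/* Defect: the state is allocated but frame_table is never set to NULL.
 * The 0xA5 fill stands in for stale heap contents so the demo is
 * deterministic. */
static reader_state *state_new_buggy(void) {
    reader_state *s = malloc(sizeof *s);
    if (s) memset(s, 0xA5, sizeof *s);
    return s;
}

/* Fix: direct initialization of the pointer right after allocation. */
static reader_state *state_new_fixed(void) {
    reader_state *s = malloc(sizeof *s);
    if (s) { s->frame_table_size = 0; s->frame_table = NULL; }
    return s;
}

/* Cleanup: explicit deallocation through the stored pointer.
 * free(NULL) is a no-op; free() of a wild pointer is undefined. */
static void state_close(reader_state *s) {
    free(s->frame_table);
    free(s);
}

/* Assumed scenario: cleanup runs before frame_table was ever allocated.
 * Returns 1 if state_close() would pass free() an address malloc never
 * returned, 0 if cleanup is safe, -1 on allocation failure. */
static int early_close_frees_wild(reader_state *(*ctor)(void)) {
    reader_state *s = ctor();
    if (!s) return -1;
    int wild = (s->frame_table != NULL);
    if (wild) s->frame_table = NULL;   /* neutralize so the demo stays defined */
    state_close(s);
    return wild;
}

int main(void) {
    return !(early_close_frees_wild(state_new_buggy) == 1 &&
             early_close_frees_wild(state_new_fixed) == 0);
}
```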