CWE-1079: Parent Class without Virtual Destructor Method
Learn about CWE-1079 (Parent Class without Virtual Destructor Method), its security impact, exploitation methods, and prevention guidelines.
What is Parent Class without Virtual Destructor Method?
• Overview: A vulnerability where a parent class does not have a virtual destructor, which can lead to undefined behavior when child class objects are deleted through base class pointers.
• Exploitation Methods:
- Attackers can exploit this by forcing the deletion of a derived class object through a base class pointer, potentially causing resource leaks or undefined behavior.
- Common attack patterns involve manipulating object lifecycles to trigger these vulnerabilities, possibly leading to crashes or unpredictable software behavior.
• Security Impact:
- Direct consequences include memory leaks or incomplete object destruction, leading to resource mismanagement.
- Potential cascading effects may involve application instability, crashes, or data corruption.
- Business impact includes decreased reliability, potential for denial of service, and increased maintenance costs due to debugging and fixing complex issues.
• Prevention Guidelines:
- Declare a virtual destructor in every base class that has derived classes, so that deleting a child object through a base class pointer runs the child's cleanup.
- Follow object-oriented programming principles to manage resource lifecycles effectively.
- Use static analysis tools to detect missing virtual destructors in class hierarchies.
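A compile-time guard for the first and third guidelines above, as an added example that is not code from this page or from the CWE entry. The class names, `safe_to_delete_via_base` and `make_owned` are hypothetical; the unsafe hierarchy is only inspected through type traits and is never deleted through its base pointer.

```cpp
#include <memory>
#include <type_traits>
#include <utility>

static int released = 0;  // counts derived-class cleanups that actually ran

// Constructed hierarchy showing the CWE-1079 pattern: non-virtual base destructor.
struct UnsafeBase { ~UnsafeBase() {} };
struct UnsafeChild : UnsafeBase { ~UnsafeChild() { ++released; } };

// Corrected hierarchy: the virtual destructor dispatches to the child first.
struct SafeBase { virtual ~SafeBase() = default; };
struct SafeChild : SafeBase { ~SafeChild() override { ++released; } };

// True when `delete` on a Base* that points at a Derived is well-defined.
template <class Base, class Derived>
constexpr bool safe_to_delete_via_base() {
    return std::is_same<Base, Derived>::value ||
           (std::is_base_of<Base, Derived>::value &&
            std::has_virtual_destructor<Base>::value);
}

// Hypothetical factory: the only place a Derived is handed out as an owning
// Base pointer, so the check is enforced at every such conversion.
template <class Base, class Derived, class... Args>
std::unique_ptr<Base> make_owned(Args&&... args) {
    static_assert(safe_to_delete_via_base<Base, Derived>(),
                  "Base needs a virtual destructor to own a Derived");
    return std::unique_ptr<Base>(new Derived(std::forward<Args>(args)...));
}

// Destroys a SafeChild through unique_ptr<SafeBase>; returns cleanups run.
int destroy_safe_child_via_base() {
    released = 0;
    { std::unique_ptr<SafeBase> p = make_owned<SafeBase, SafeChild>(); }
    return released;
}

int main() {
    // make_owned<UnsafeBase, UnsafeChild>() would fail to compile here.
    bool ok = destroy_safe_child_via_base() == 1 &&
              !safe_to_delete_via_base<UnsafeBase, UnsafeChild>();
    return ok ? 0 : 1;
}
```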
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not specified
Affected Technologies: Not specified
