FIXES & MITIGATION OF COMMON ATTACKS.

1) Resource Leak

A resource leak is a particular type of resource consumption in which a computer program does not release resources it has acquired, or in which software makes resources available to untrusted parties when those resources are intended to be accessed only by the software itself. This condition is normally the result of a bug in a program. Typical resource leaks include memory leaks and handle leaks.

* Fixes and Mitigation:

Resource leaks can be prevented or fixed by resource management: programming techniques or language constructs may prevent leaks by releasing resources promptly, while a separate process may reclaim resources that have been leaked. Many resource leaks are fixed by resource reclamation by the operating system after the process terminates and makes an exit system call.
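
The prompt-release technique described above, as an added C example that is not part of the original notes: `read_header_leaky` and `read_header_fixed` are hypothetical functions showing a handle and memory leak beside its fix, and the hypothetical `fd_growth` detects the handle leak by watching the lowest free file descriptor. It assumes a POSIX system with `/dev/null`.

```c
/* Added example with hypothetical function names; assumes POSIX and /dev/null. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/* open() returns the lowest free descriptor, so a rise means a handle leaked. */
static int lowest_free_fd(void) {
    int fd = open("/dev/null", O_RDONLY);
    if (fd >= 0) close(fd);
    return fd;
}

/* Leaky: early returns skip the releases further down. */
int read_header_leaky(const char *path, size_t want) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    char *buf = malloc(want);
    if (!buf) return -1;                            /* leaks f */
    if (fread(buf, 1, want, f) != want) return -1;  /* leaks f and buf */
    free(buf);
    fclose(f);
    return 0;
}

/* Fixed: once a resource is held, every path leaves through one cleanup block. */
int read_header_fixed(const char *path, size_t want) {
    int rc = -1;
    FILE *f = fopen(path, "rb");
    if (!f) return rc;                              /* nothing acquired yet */
    char *buf = malloc(want);
    if (!buf) goto out;
    if (fread(buf, 1, want, f) == want) rc = 0;
out:
    free(buf);                                      /* free(NULL) is a no-op */
    fclose(f);
    return rc;
}

/* Rise in the lowest free fd after n short reads of /dev/null; 0 means no leak. */
int fd_growth(int (*fn)(const char *, size_t), int n) {
    int before = lowest_free_fd();
    for (int i = 0; i < n; i++) fn("/dev/null", 16); /* reads 0 bytes: error path */
    return lowest_free_fd() - before;
}

int main(void) {
    printf("leaky: +%d\n", fd_growth(read_header_leaky, 8));
    printf("fixed: +%d\n", fd_growth(read_header_fixed, 8));
    return 0;
}
```

The leaked descriptors stay open only until the process exits, which is the operating-system reclamation the paragraph above mentions; a long-running service never reaches that point.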

2) Use of Uninitialized Data

In computing, an uninitialized variable (containing junk data) is a variable that is declared but is not set to a definite known value before it is used. It will have some value, but not a predictable one. As such, it is a programming error and a common source of bugs and vulnerabilities in software.

* Fixes and Mitigation:

Since the main vulnerability arises from variables or data that are never explicitly defined, the logical mitigation is to assign every variable a defined initial value. Other fixes and preventive measures include turning on compiler warnings that complain when uninitialized variables are used, and avoiding languages that do not require explicit declaration of variables.

3) Memory Corruptions

Memory corruption occurs in a computer program when the contents of a memory location are modified due to programmatic behavior that exceeds the intention of the original programmer or of the program/language constructs; this is termed violating memory safety. The most likely cause of memory corruption is programming error.

* Fixes and Mitigation:

One of the mitigation and fixing methods can be to introduce powerful features of explicit memory management and pointer arithmetic, which are designed for developing efficient applications and system software. Memory debuggers such as Purify, Valgrind, Insure++, Parasoft C/C++test, and AddressSanitizer can also be used to detect memory corruption errors.

4) Buffer Overruns

Buffers are areas of memory set aside to hold data, often while moving it from one section of a program to another, or between programs. Buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations.

* Fixes and Mitigation:

The most reliable way to avoid or prevent buffer overflows is to use automatic protection at the language level, that is, a language or compiler designed to perform automatic bounds checking. Buffer overflow protection methods, which can detect the most common buffer overflows by checking that the stack has not been altered, are another form of protection. Because buffer overflows work by manipulating pointers, the pointers themselves can be protected by compilers like PointGuard, which prevent attackers from being able to reliably manipulate pointers and addresses; this is another solution to buffer overruns.

5) Control Flow Issues

Control flow is the order in which individual statements, instructions or function calls of an imperative program are executed or evaluated. Lack of non-strict functional languages in the control flow command creates control flow issues.

* Fixes and Mitigation:

Since one way to attack a piece of software is to redirect a program's flow of execution, a strict functional language of control flow is necessary to mitigate and fix it. Some of the control-flow integrity techniques used to defend against attacks and vulnerabilities are stack canaries, buffer overflow protection, shadow stacks, and vtable pointer verification.

Birhane: compiled and organized from course materials.