BaseDraft

CWE-188Reliance on Data/Memory Layout

Category: memory

Description

The product makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior.

Common consequences· 1

  • Integrity / Confidentiality — Modify Memory, Read Memory
    Can result in unintended modifications or exposure of sensitive memory.

Potential mitigations· 3

  • [Implementation, Architecture and Design]In flat address space situations, never allow computing memory addresses as offsets from another memory address.
  • [Architecture and Design]Fully specify protocol layout unambiguously, providing a structured grammar (e.g., a compilable yacc grammar).
  • [Testing]Testing: Test that the implementation properly handles each case in the protocol grammar.

References

  1. https://cwe.mitre.org/data/definitions/188.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE
Violation of Secure Design Principles
CWE
Use of Out-of-range Pointer Offset
CWE
Buffer Over-read
CWE
Use of Low-Level Functionality
CWE
Improper Handling of Overlap Between Protected Memory Ranges
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.