VariantDraft

CWE-587Assignment of a Fixed Address to a Pointer

Category: memory

Description

The product sets a pointer to a specific address other than NULL or 0. Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.

Common consequences· 3

  • Integrity / Confidentiality / Availability — Execute Unauthorized Code or Commands
    If one executes code at a known location, an attacker might be able to inject code there beforehand.
  • Availability — DoS: Crash, Exit, or Restart, Reduce Maintainability, Reduce Reliability
    If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.
  • Confidentiality / Integrity — Read Memory, Modify Memory
    The data at a known pointer location can be easily read or influenced by an attacker.

Potential mitigations· 1

  • [Implementation]Never set a pointer to a fixed address.

References

  1. https://cwe.mitre.org/data/definitions/587.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Use of Out-of-range Pointer Offset
CWE
Untrusted Pointer Dereference
CWE
NULL Pointer Dereference
CWE
Use After Free
CWE
Access of Uninitialized Pointer
CWE
Expired Pointer Dereference
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.