logo

CWE-587 - Assignment of a Fixed Address to a Pointer

CWE-587

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Assignment of a Fixed Address to a Pointer

Description

The product sets a pointer to a specific address other than NULL or 0.

Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.

Common Consequences

Scope: Integrity, Confidentiality, Availability

Impact: Execute Unauthorized Code or Commands

Notes: If one executes code at a known location, an attacker might be able to inject code there beforehand.

Scope: Availability

Impact: DoS: Crash, Exit, or Restart, Reduce Maintainability, Reduce Reliability

Notes: If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.

Scope: Confidentiality, Integrity

Impact: Read Memory, Modify Memory

Notes: The data at a known pointer location can be easily read or influenced by an attacker.

Related Weaknesses

CWE-344Use of Invariant Value in Dynamically Changing Context

CWE-758Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

  • Release Date:
  • 2006-12-15
  • Latest Modification Date:
  • 2024-02-29

Free security scan for your website