CWE-587 - Assignment of a Fixed Address to a Pointer
- Abstraction: Variant
- Structure: Simple
- Status: Draft
- Release Date: 2006-12-15
- Latest Modification Date: 2024-02-29
Weakness Name
Assignment of a Fixed Address to a Pointer
Description
The product sets a pointer to a specific address other than NULL or 0.
Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.
Common Consequences
Scope: Integrity, Confidentiality, Availability
Impact: Execute Unauthorized Code or Commands
Notes: If one executes code at a known location, an attacker might be able to inject code there beforehand.
Scope: Availability
Impact: DoS: Crash, Exit, or Restart, Reduce Maintainability, Reduce Reliability
Notes: If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.
Scope: Confidentiality, Integrity
Impact: Read Memory, Modify Memory
Notes: The data at a known pointer location can be easily read or influenced by an attacker.
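Added example (not part of the CWE entry): the C sketch below puts a hard-coded pointer assignment beside a lookup that takes addresses from symbols, plus a guard that refuses to call through any pointer not in the known table. The handler names, the table, and the address 0x08040000 are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int (*handler_fn)(void);

/* Hypothetical handlers; the names are assumptions made for this example. */
int handler_status(void) { return 200; }
int handler_reset(void)  { return 0; }

/* Weak form (CWE-587): a constructed address baked into the source. It is
   only meaningful for one build and load layout. Returned here, never called. */
handler_fn resolve_fixed(void) {
    return (handler_fn)(uintptr_t)0x08040000u;
}

/* Corrected form: the table stores addresses taken from symbols, so the
   linker and loader supply the right value for whatever layout is in use. */
struct entry { const char *name; handler_fn fn; };
static const struct entry handlers[] = {
    { "status", handler_status },
    { "reset",  handler_reset  },
};
#define N_HANDLERS (sizeof handlers / sizeof handlers[0])

handler_fn resolve_by_name(const char *name) {
    for (size_t i = 0; i < N_HANDLERS; i++)
        if (strcmp(handlers[i].name, name) == 0)
            return handlers[i].fn;
    return NULL;                      /* unknown name: caller must check */
}

/* Guard: accept a pointer only if it is one of the known handlers. */
int is_known_handler(handler_fn fn) {
    for (size_t i = 0; i < N_HANDLERS; i++)
        if (handlers[i].fn == fn)
            return 1;
    return 0;
}

/* Call through a pointer only after the guard passes; -1 means rejected. */
int call_checked(handler_fn fn) {
    return is_known_handler(fn) ? fn() : -1;
}

int main(void) {
    printf("by name: %d\n", call_checked(resolve_by_name("status")));
    printf("fixed:   %d\n", call_checked(resolve_fixed()));
    return 0;
}
```

The fixed-address pointer is rejected by the guard instead of being dereferenced, while the symbol-derived pointer stays valid when the code is rebuilt or loaded at a different base.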