CWE-588 - Attempt to Access Child of a Non-structure Pointer
- Abstraction: Variant
- Structure: Simple
- Status: Incomplete
- Release Date: 2006-12-15
- Latest Modification Date: 2023-10-26
Weakness Name
Attempt to Access Child of a Non-structure Pointer
Description
Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.
Common Consequences
Scope: Integrity
Impact: Modify Memory
Notes: Adjacent variables in memory may be corrupted by assignments performed on fields after the cast.
Scope: Availability
Impact: DoS: Crash, Exit, or Restart
Notes: Execution may end due to a memory access error.
Related Weaknesses
CWE-704 Incorrect Type Conversion or Cast
CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
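The cast described above, next to a tag-checked alternative, as an added example that is not part of the CWE entry. The `endpoint` and `value` types and all function names are hypothetical and chosen only for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical types for this example; none of these names come from CWE. */
struct endpoint { char host[16]; int port; };
enum kind { KIND_SCALAR, KIND_ENDPOINT };

/* Tagged value: kind records which union member is live. */
struct value {
    enum kind kind;
    union { int scalar; struct endpoint ep; } u;
};

/* Vulnerable pattern (CWE-588), shown for contrast and never called here.
 * If p is really the address of an int, the port field sits at
 * offsetof(struct endpoint, port), past the end of that int, so the store
 * corrupts adjacent memory or faults. */
void set_port_unchecked(void *p, int port)
{
    ((struct endpoint *)p)->port = port;
}

/* Hardened form: check the tag before touching a structure field.
 * Returns 0 on success, -1 if v is NULL or does not hold an endpoint. */
int set_port_checked(struct value *v, int port)
{
    if (v == NULL || v->kind != KIND_ENDPOINT)
        return -1;
    v->u.ep.port = port;
    return 0;
}

/* Nonzero when a field at [off, off + len) lies inside an obj_size-byte object. */
int field_in_bounds(size_t obj_size, size_t off, size_t len)
{
    return off <= obj_size && len <= obj_size - off;
}

int main(void)
{
    struct value s = { .kind = KIND_SCALAR, .u.scalar = 7 };
    struct value e = { .kind = KIND_ENDPOINT, .u.ep = { "example", 0 } };
    int rc_s = set_port_checked(&s, 8080);
    int rc_e = set_port_checked(&e, 8080);
    printf("scalar:   rc=%d value=%d\n", rc_s, s.u.scalar);
    printf("endpoint: rc=%d port=%d\n", rc_e, e.u.ep.port);
    printf("port field fits in an int: %d\n", field_in_bounds(sizeof(int), offsetof(struct endpoint, port), sizeof(int)));
    return 0;
}
```

`field_in_bounds` makes the Integrity consequence concrete: the `port` offset already exceeds the size of an `int`, so an unchecked store through the cast pointer cannot stay inside the original object.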