CWE-587β€”Assignment of a Fixed Address to a Pointer

PUBLISHEDweakness record
released 2006-12-15 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-587
Abstraction:
Variant
Structure:
Simple
Status:
Draft
Release Date:
2006-12-15
Latest Modification Date:
2025-12-11

Weakness Name

Assignment of a Fixed Address to a Pointer

Description

The product sets a pointer to a specific address other than NULL or 0.

Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.

Common Consequences

Scope:
Integrity, Confidentiality, Availability
Impact:
Execute Unauthorized Code or Commands
Notes:
If one executes code at a known location, an attacker might be able to inject code there beforehand.
Scope:
Availability
Impact:
DoS: Crash, Exit, or Restart, Reduce Maintainability, Reduce Reliability
Notes:
If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.
Scope:
Confidentiality, Integrity
Impact:
Read Memory, Modify Memory
Notes:
The data at a known pointer location can be easily read or influenced by an attacker.

Related Weaknesses