CWE-587Assignment of a Fixed Address to a Pointer

PUBLISHEDweakness record
released 2006-12-15 · last modified 2025-12-11

Metadata

CWE ID:
CWE-587
摘要:
Variant
结构:
Simple
状态:
Draft
发布日期:
2006-12-15
更新日期:
2025-12-11

名称

Assignment of a Fixed Address to a Pointer

描述

The product sets a pointer to a specific address other than NULL or 0.

Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.

常见后果

范围:
Integrity, Confidentiality, Availability
影响:
Execute Unauthorized Code or Commands
注释:
If one executes code at a known location, an attacker might be able to inject code there beforehand.
范围:
Availability
影响:
DoS: Crash, Exit, or Restart, Reduce Maintainability, Reduce Reliability
注释:
If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.
范围:
Confidentiality, Integrity
影响:
Read Memory, Modify Memory
注释:
The data at a known pointer location can be easily read or influenced by an attacker.

相关 CWE