CWE-587 - Assignment of a Fixed Address to a Pointer

  • Abstraction: Variant
  • Structure: Simple
  • Status: Draft
  • Release date: 2006-12-15
  • Last updated: 2025-12-11

Name

Assignment of a Fixed Address to a Pointer

Description

The product sets a pointer to a specific address other than NULL or 0.

Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.
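The following C sketch is an added example, not part of the CWE entry. It contrasts the weak pattern described above with a form that refers to code by symbol. The handler names, the lookup table and the address 0x08040000 are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef int (*handler_fn)(int);

/* Hypothetical handlers, defined for this example only. */
static int double_it(int x) { return x * 2; }
static int negate_it(int x) { return -x; }

/* Weak form (CWE-587): the address is a constant baked into the source.
 * 0x08040000 is a constructed value. Nothing guarantees that code, or the
 * intended code, lives there on another build, platform or run, so this
 * pointer is only built here and never called. */
handler_fn handler_from_fixed_address(void)
{
    return (handler_fn)(uintptr_t)0x08040000u;
}

/* Corrected form: handlers are referenced by symbol, so the compiler,
 * linker and loader supply whatever address is valid in this process. */
struct handler_entry { const char *name; handler_fn fn; };

static const struct handler_entry handlers[] = {
    { "double", double_it },
    { "negate", negate_it },
};

/* Returns the handler registered under name, or NULL if there is none. */
handler_fn handler_from_symbol(const char *name)
{
    for (size_t i = 0; i < sizeof handlers / sizeof handlers[0]; i++)
        if (strcmp(handlers[i].name, name) == 0)
            return handlers[i].fn;
    return NULL;
}

/* Calls the named handler; reports an unknown name instead of jumping. */
int dispatch(const char *name, int arg, int *out)
{
    handler_fn fn = handler_from_symbol(name);
    if (fn == NULL)
        return -1;
    *out = fn(arg);
    return 0;
}
```

The symbol-based table also gives a reviewer one place to see every possible call target, which a literal address does not.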

Common Consequences

Scope: Integrity, Confidentiality, Availability

Impact: Execute Unauthorized Code or Commands

Note: If one executes code at a known location, an attacker might be able to inject code there beforehand.

Scope: Availability

Impact: DoS: Crash, Exit, or Restart, Reduce Maintainability, Reduce Reliability

Note: If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.

Scope: Confidentiality, Integrity

Impact: Read Memory, Modify Memory

Note: The data at a known pointer location can be easily read or influenced by an attacker.

Related CWEs