CWE-822 - Untrusted Pointer Dereference

Read Time:1 Minute, 38 Second

Description

The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Modes of Introduction:

Likelihood of Exploit:

Related Weaknesses

CWE-119
CWE-119
CWE-119
CWE-125
CWE-787

Consequences

Confidentiality: Read Memory

If the untrusted pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.

Availability: DoS: Crash, Exit, or Restart

If the untrusted pointer references a memory location that is not accessible to the program, or points to a location that is “malformed” or larger than expected by a read or write operation, the application may terminate unexpectedly.

Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands, Modify Memory

If the untrusted pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.

Potential Mitigations

CVE References

CVE-2007-5655
- message-passing framework interprets values in packets as pointers, causing a crash.

CVE-2010-2299
- labeled as a “type confusion” issue, also referred to as a “stale pointer.” However, the bug ID says “contents are simply interpreted as a pointer… renderer ordinarily doesn’t supply this pointer directly”. The “handle” in the untrusted area is replaced in one function, but not another – thus also, effectively, exposure to wrong sphere (CWE-668).

CVE-2009-1719
- Untrusted dereference using undocumented constructor.

CVE-2009-1250
- An error code is incorrectly checked and interpreted as a pointer, leading to a crash.

CVE-2009-0311
- An untrusted value is obtained from a packet and directly called as a function pointer, leading to code execution.

CVE-2010-1818
- Undocumented attribute in multimedia software allows “unmarshaling” of an untrusted pointer.

CVE-2010-3189
- ActiveX control for security software accepts a parameter that is assumed to be an initialized pointer.

CVE-2010-1253
- Spreadsheet software treats certain record values that lead to “user-controlled pointer” (might be untrusted offset, not untrusted pointer).

InCVE-2007-5655, CWE- 822, Untrusted Pointer Dereference

Ransomware Attack Exposes Data of 5.6 Million Ascension Patients

Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP

Criminal Complaint against LockBit Ransomware Writer

Cryptomining Malware Found in Popular Open Source Packages

Interpol Identifies Over 140 Human Traffickers in New Initiative

ICO Warns of Mobile Phone Festive Privacy Snafu

Friday Squid Blogging: Squid Sticker

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe

Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers

CWE-822 – Untrusted Pointer Dereference

Description

Related Weaknesses

Consequences

Potential Mitigations

CVE References

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

CWE-669 – Incorrect Resource Transfer Between Spheres

CWE-67 – Improper Handling of Windows Device Names

CWE-670 – Always-Incorrect Control Flow Implementation

CWE-671 – Lack of Administrator Control over Security