CWE-822 - Untrusted Pointer Dereference

Read Time:1 Minute, 38 Second

Description

The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Modes of Introduction:

Likelihood of Exploit:

Related Weaknesses

CWE-119
CWE-119
CWE-119
CWE-125
CWE-787

Consequences

Confidentiality: Read Memory

If the untrusted pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.

Availability: DoS: Crash, Exit, or Restart

If the untrusted pointer references a memory location that is not accessible to the program, or points to a location that is “malformed” or larger than expected by a read or write operation, the application may terminate unexpectedly.

Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands, Modify Memory

If the untrusted pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.

Potential Mitigations

CVE References

CVE-2007-5655
- message-passing framework interprets values in packets as pointers, causing a crash.

CVE-2010-2299
- labeled as a “type confusion” issue, also referred to as a “stale pointer.” However, the bug ID says “contents are simply interpreted as a pointer… renderer ordinarily doesn’t supply this pointer directly”. The “handle” in the untrusted area is replaced in one function, but not another – thus also, effectively, exposure to wrong sphere (CWE-668).

CVE-2009-1719
- Untrusted dereference using undocumented constructor.

CVE-2009-1250
- An error code is incorrectly checked and interpreted as a pointer, leading to a crash.

CVE-2009-0311
- An untrusted value is obtained from a packet and directly called as a function pointer, leading to code execution.

CVE-2010-1818
- Undocumented attribute in multimedia software allows “unmarshaling” of an untrusted pointer.

CVE-2010-3189
- ActiveX control for security software accepts a parameter that is assumed to be an initialized pointer.

CVE-2010-1253
- Spreadsheet software treats certain record values that lead to “user-controlled pointer” (might be untrusted offset, not untrusted pointer).

InCVE-2007-5655, CWE- 822, Untrusted Pointer Dereference

White House to Tackle AI-Generated Sexual Abuse Images

Legacy Ivanti Cloud Service Appliance Being Exploited

Half of UK Firms Lack Basic Cybersecurity Skills

Advanced Phishing Attacks Put X Accounts at Risk

Apple to Drop Spyware Lawsuit Over Security Concerns

Tackling the Unique Cybersecurity Challenges of Online Learning Platforms

Meta Goes Ahead With Controversial AI Training in UK

23andMe Agrees to $30m Data Breach Settlement

UK Hosts International Cyber Skills Conference

CWE-822 – Untrusted Pointer Dereference

Description

Related Weaknesses

Consequences

Potential Mitigations

CVE References

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

CWE-669 – Incorrect Resource Transfer Between Spheres

CWE-67 – Improper Handling of Windows Device Names

CWE-670 – Always-Incorrect Control Flow Implementation

CWE-671 – Lack of Administrator Control over Security