CWE-468 – Incorrect Pointer Scaling

Read Time:35 Second

Description

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-682

 

Consequences

Confidentiality, Integrity: Read Memory, Modify Memory

Incorrect pointer scaling will often result in buffer overflow conditions. Confidentiality can be compromised if the weakness is in the context of a buffer over-read or under-read.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Use a platform with high-level memory abstractions.

Phase: Implementation

Description: 

Always use array indexing instead of direct pointer manipulation.

Phase: Architecture and Design

Description: 

Use technologies for preventing buffer overflows.

CVE References