Description
The software sets a pointer to a specific address other than NULL or 0.
Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
CWE-344
CWE-758
Consequences
Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands
If one executes code at a known location, an attacker might be able to inject code there beforehand.
Availability: DoS: Crash, Exit, or Restart, Reduce Maintainability, Reduce Reliability
If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.
Confidentiality, Integrity: Read Memory, Modify Memory
The data at a known pointer location can be easily read or influenced by an attacker.
Potential Mitigations
Phase: Implementation
Description:
Never set a pointer to a fixed address.
CVE References
