Description
The software makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit: Low
Related Weaknesses
Consequences
Integrity, Confidentiality: Modify Memory, Read Memory
Can result in unintended modifications or exposure of sensitive memory.
Potential Mitigations
Phase: Implementation, Architecture and Design
Description:
In flat address space situations, never allow computing memory addresses as offsets from another memory address.
Phase: Architecture and Design
Description:
Fully specify protocol layout unambiguously, providing a structured grammar (e.g., a compilable yacc grammar).
Phase: Testing
Description:
Testing: Test that the implementation properly handles each case in the protocol grammar.