Tag Archives: CWE- 587

CWE-587 – Assignment of a Fixed Address to a Pointer

Read Time:44 Second

Description

The software sets a pointer to a specific address other than NULL or 0.

Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-344
CWE-758

 

Consequences

Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands

If one executes code at a known location, an attacker might be able to inject code there beforehand.

Availability: DoS: Crash, Exit, or Restart, Reduce Maintainability, Reduce Reliability

If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.

Confidentiality, Integrity: Read Memory, Modify Memory

The data at a known pointer location can be easily read or influenced by an attacker.

 

Potential Mitigations

Phase: Implementation

Description: 

Never set a pointer to a fixed address.

CVE References