Read Time:35 Second
Description
In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.
Modes of Introduction:
– Implementation
Likelihood of Exploit: Medium
Related Weaknesses
Consequences
Confidentiality, Integrity: Read Memory, Modify Memory
Incorrect pointer scaling will often result in buffer overflow conditions. Confidentiality can be compromised if the weakness is in the context of a buffer over-read or under-read.
Potential Mitigations
Phase: Architecture and Design
Description:
Use a platform with high-level memory abstractions.
Phase: Implementation
Description:
Always use array indexing instead of direct pointer manipulation.
Phase: Architecture and Design
Description:
Use technologies for preventing buffer overflows.