Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.7)  

Presentation Filter:

CWE-466: Return of Pointer Value Outside of Expected Range

Return of Pointer Value Outside of Expected Range
Weakness ID: 466 (Weakness Base)Status: Draft
+ Description

Description Summary

A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms




+ Common Consequences

Technical Impact: Read memory; Modify memory

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class20Improper Input Validation
Seven Pernicious Kingdoms (primary)700
ChildOfWeakness ClassWeakness Class119Improper Restriction of Operations within the Bounds of a Memory Buffer
Research Concepts (primary)1000
ChildOfCategoryCategory465Pointer Issues
Development Concepts (primary)699
ChildOfCategoryCategory738CERT C Secure Coding Section 04 - Integers (INT)
Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ChildOfCategoryCategory872CERT C++ Secure Coding Section 04 - Integers (INT)
Weaknesses Addressed by the CERT C++ Secure Coding Standard (primary)868
ChildOfCategoryCategory885SFP Cluster: Risky Values
Software Fault Pattern (SFP) Clusters (primary)888
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
7 Pernicious KingdomsIllegal Pointer Value
CERT C Secure CodingINT11-CTake care when converting from pointer to integer or integer to pointer
CERT C++ Secure CodingINT11-CPPTake care when converting from pointer to integer or integer to pointer
+ White Box Definitions

A weakness where code path has:

1. end statement that returns an address associated with a buffer where address is outside the buffer

2. start statement that computes a position into the buffer

+ References
[REF-17] Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 5: Buffer Overruns." Page 89. McGraw-Hill. 2010.
+ Maintenance Notes

This entry should have a chaining relationship with CWE-119 instead of a parent / child relationship, however the focus of this weakness does not map cleanly to any existing entries in CWE. A new parent is being considered which covers the more generic problem of incorrect return values. There is also an abstract relationship to weaknesses in which one component sends incorrect messages to another component; in this case, one routine is sending an incorrect value to another.

+ Content History
Submission DateSubmitterOrganizationSource
Externally Mined
Modification DateModifierOrganizationSource
updated Potential_Mitigations, Time_of_Introduction
2008-08-01KDM AnalyticsExternal
added/updated white box definitions
updated Applicable_Platforms, Relationships, Taxonomy_Mappings
updated Relationships, Taxonomy_Mappings
updated Maintenance_Notes
updated Common_Consequences
updated Relationships, Taxonomy_Mappings
updated Potential_Mitigations, References, Relationships
updated Potential_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Illegal Pointer Value
Page Last Updated: June 23, 2014