Weakness ID: 587 Abstraction: Base
The software sets a pointer to a specific address other than NULL or 0.
Using a fixed address is not portable because that address will probably not be valid in all environments or platforms.
Time of Introduction
- Architecture and Design
Technical Impact: Execute unauthorized code or
If one executes code at a known location, an attacker might be able to
inject code there beforehand.
Technical Impact: DoS: crash / exit /
If the code is ported to another platform or environment, the pointer
is likely to be invalid and cause a crash.
Technical Impact: Read memory; Modify memory
The data at a known pointer location can be easily read or influenced
by an attacker.
This code assumes a particular function will always be found at a
particular address. It assigns a pointer to that address and calls the
int (*pt2Function) (float, char, char)=0x08040000;
int result2 = (*pt2Function) (12, 'a', 'b');
// Here we can inject code to execute.
The same function may not always be found at the same memory address.
This could lead to a crash, or an attacker may alter the memory at the
expected address, leading to arbitrary code execution.
Never set a pointer to a fixed address.
the weakness exists independent of other weaknesses)
|Mapped Taxonomy Name||Node ID||Fit||Mapped Node Name|
|CERT C Secure Coding||INT11-C||Take care when converting from pointer to integer or integer
|CERT C++ Secure Coding||INT11-CPP||Take care when converting from pointer to integer or integer
|Software Fault Patterns||SFP1||Glitch in computation|
White Box Definitions
A weakness where code path has:
1. end statement that assigns an address to a pointer
2. start statement that defines the address and the address is a
|added/updated white box definitions|
|2008-09-08||CWE Content Team||MITRE||Internal|
|updated Applicable_Platforms, Description, Relationships,
|2008-11-24||CWE Content Team||MITRE||Internal|
|2009-03-10||CWE Content Team||MITRE||Internal|
|2009-07-27||CWE Content Team||MITRE||Internal|
|updated Common_Consequences, Description,
|2011-06-01||CWE Content Team||MITRE||Internal|
|2011-09-13||CWE Content Team||MITRE||Internal|
|2012-05-11||CWE Content Team||MITRE||Internal|
|2014-07-30||CWE Content Team||MITRE||Internal|
More information is available — Please select a different filter.