CWE-123: Write-what-where Condition
CWE version: 4.18
Last updated: 2025-09-09
Weakness description
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
Common Consequences
Scope: Integrity, Confidentiality, Availability, Access Control
Technical impact: Modify Memory; Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; DoS: Crash, Exit, or Restart; Bypass Protection Mechanism
Note: Clearly, write-what-where conditions can be used to write data to areas of memory outside the scope of a policy. Also, they almost invariably can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. If the attacker can overwrite a pointer's worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious code. Even when the attacker can only modify a single byte, arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator.
Scope: Integrity, Availability
Technical impact: DoS: Crash, Exit, or Restart; Modify Memory
Note: Many memory accesses can lead to program termination, such as when writing to addresses that are invalid for the current process.
Scope: Access Control, Other
Technical impact: Bypass Protection Mechanism; Other
Note: When the consequence is arbitrary code execution, this can often be used to subvert any other security service.
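The single-byte case described above (a flag indicating whether the user is an administrator), shown as an added example that is not part of the CWE entry: a constructed C model in which a caller-controlled offset is validated only against the whole arena, beside a hardened form that confines the write to the caller's region. The arena layout, the struct and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: one flat arena holds a user-writable region followed by
 * security-critical state, so every write below stays inside `mem`. */
#define USER_REGION 32u          /* bytes the caller is allowed to write */
#define ADMIN_FLAG  USER_REGION  /* offset of the is-admin flag (hypothetical layout) */
#define ARENA_SIZE  64u

struct session { uint8_t mem[ARENA_SIZE]; };

/* Weak form: "where" (off) and "what" (src) are both caller-controlled and
 * are checked only against the arena, not against the caller's own region. */
int store_unchecked(struct session *s, size_t off, const uint8_t *src, size_t len)
{
    if (off >= ARENA_SIZE || len > ARENA_SIZE - off)
        return -1;
    memcpy(&s->mem[off], src, len);
    return 0;
}

/* Hardened form: the write must fit entirely inside the user region.
 * The comparison is arranged so that off + len is never computed and
 * therefore cannot wrap around. */
int store_checked(struct session *s, size_t off, const uint8_t *src, size_t len)
{
    if (off > USER_REGION || len > USER_REGION - off)
        return -1;
    memcpy(&s->mem[off], src, len);
    return 0;
}

int is_admin(const struct session *s) { return s->mem[ADMIN_FLAG] != 0; }

/* Returns 1 if a one-byte write aimed at the flag offset changes is_admin
 * when routed through `store`, 0 if the store function refused it. */
int flag_flipped_by(int (*store)(struct session *, size_t, const uint8_t *, size_t))
{
    struct session s;
    const uint8_t one = 1;
    memset(&s, 0, sizeof s);
    (void)store(&s, ADMIN_FLAG, &one, 1);
    return is_admin(&s);
}
```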
Potential Mitigations
Phase: Architecture and Design
Strategy: Language Selection
Description: Use a language that provides appropriate memory abstractions.
Phase: Operation
Description: Use OS-level preventative functionality integrated after the fact. Not a complete solution.
Observed Examples
Reference: CVE-2019-19911
Chain: Python library does not limit the resources used to process images that specify a very large number of bands (CWE-1284), leading to excessive memory consumption (CWE-789) or an integer overflow (CWE-190).
Reference: CVE-2022-0545
Chain: 3D renderer has an integer overflow (CWE-190) leading to write-what-where condition (CWE-123) using a crafted image.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Programming languages
Taxonomy Mappings
| Taxonomy name | Entry ID | Entry name | Mapping fit |
|---|---|---|---|
| CLASP | - | Write-what-where condition | - |
| CERT C Secure Coding | ARR30-C | Do not form or use out-of-bounds pointers or array subscripts | Imprecise |
| CERT C Secure Coding | ARR38-C | Guarantee that library functions do not form invalid pointers | Imprecise |
| CERT C Secure Coding | STR31-C | Guarantee that storage for strings has sufficient space for character data and the null terminator | Imprecise |
| CERT C Secure Coding | STR32-C | Do not pass a non-null-terminated character sequence to a library function that expects a string | Imprecise |
| Software Fault Patterns | SFP8 | Faulty Buffer Access | - |