CWE-587: Assignment of a Fixed Address to a Pointer
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
The product sets a pointer to a specific address other than NULL or 0.
Extended Description
Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.
Common Consequences
Scope: Integrity, Confidentiality, Availability
Technical Impact: Execute Unauthorized Code or Commands
Note: If one executes code at a known location, an attacker might be able to inject code there beforehand.
Scope: Availability
Technical Impact: DoS: Crash, Exit, or Restart; Reduce Maintainability; Reduce Reliability
Note: If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.
Scope: Confidentiality, Integrity
Technical Impact: Read Memory; Modify Memory
Note: The data at a known pointer location can be easily read or influenced by an attacker.
Potential Mitigations
Phase: Implementation
Description: Never set a pointer to a fixed address.
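The weak binding beside the corrected one, as an added example that is not part of the CWE entry. The handlers `add_one` and `negate`, the helper `call_checked` and the address `0x08040000` are constructed for illustration; the allow-list check is an extra safeguard beyond the stated mitigation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*handler_fn)(int);

/* Hypothetical handlers, defined only for this example. */
static int add_one(int x) { return x + 1; }
static int negate(int x)  { return -x; }

/* Constructed value: an address that happened to be right on one build. */
#define FIXED_HANDLER_ADDR ((uintptr_t)0x08040000u)

/* Weak form (CWE-587): the pointer comes from an integer literal, so its
 * validity depends on platform, build layout and ASLR. */
static handler_fn bind_fixed(void) { return (handler_fn)FIXED_HANDLER_ADDR; }

/* Corrected form: the compiler and loader resolve the symbol's address. */
static handler_fn bind_symbol(void) { return add_one; }

/* Allow-list built from symbols, never from literals. */
static const handler_fn known_handlers[] = { add_one, negate };

/* Call fn only if it is one of the known handlers.
 * Returns 0 and stores the result in *out, or -1 if fn is rejected. */
static int call_checked(handler_fn fn, int arg, int *out) {
    size_t n = sizeof known_handlers / sizeof known_handlers[0];
    for (size_t i = 0; i < n; i++) {
        if (fn == known_handlers[i]) {
            *out = fn(arg);
            return 0;
        }
    }
    return -1; /* unknown target: do not jump to it */
}

int main(void) {
    int out = 0;
    int rc = call_checked(bind_symbol(), 41, &out);
    printf("symbol-bound: rc=%d out=%d\n", rc, out);
    rc = call_checked(bind_fixed(), 41, &out);
    printf("fixed-address: rc=%d (rejected, never called)\n", rc);
    return 0;
}
```

The fixed-address pointer is only constructed and compared, never dereferenced, so the program runs safely on any platform.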
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| CERT C Secure Coding | INT36-C | Converting a pointer to integer or integer to pointer | Imprecise |
| Software Fault Patterns | SFP1 | Glitch in computation | - |