CWE-587 将一个固定地址复制给指针

  • A+
所属分类:CWE(弱点枚举)

CWE-587 将一个固定地址复制给指针

Assignment of a Fixed Address to a Pointer

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown

基本描述

The software sets a pointer to a specific address other than NULL or 0.

扩展描述

Using a fixed address is not portable because that address will probably not be valid in all environments or platforms.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 344 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 758 cwe_View_ID: 1000

适用平台

Language: [{'cwe_Name': 'C', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Name': 'C++', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Name': 'C#', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Class': 'Assembly', 'cwe_Prevalence': 'Undetermined'}]

常见的影响

范围 影响 注释
['Integrity', 'Confidentiality', 'Availability'] Execute Unauthorized Code or Commands If one executes code at a known location, an attacker might be able to inject code there beforehand.
Availability DoS: Crash, Exit, or Restart If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.
['Confidentiality', 'Integrity'] ['Read Memory', 'Modify Memory'] The data at a known pointer location can be easily read or influenced by an attacker.

可能的缓解方案

Implementation

策略:

Never set a pointer to a fixed address.

示例代码

This code assumes a particular function will always be found at a particular address. It assigns a pointer to that address and calls the function.

bad C

int (pt2Function) (float, char, char)=0x08040000;
int result2 = (
pt2Function) (12, 'a', 'b');
// Here we can inject code to execute.

The same function may not always be found at the same memory address. This could lead to a crash, or an attacker may alter the memory at the expected address, leading to arbitrary code execution.

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
CERT C Secure Coding INT36-C Imprecise Converting a pointer to integer or integer to pointer
Software Fault Patterns SFP1 Glitch in computation

文章来源于互联网:scap中文网

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: