English
Français
Light
Dark
System

CVEFind - Alertes CVE

Restez informé en continue
Créer un compte Ouvrez un compte Simple et Gratuit Se connecter Gérez vos alertes

CWE-468 Detail

CWE-468

Incorrect Pointer Scaling
MEDIUM
Incomplete
2006-07-19 00:00 +00:00
2023-06-29 00:00 +00:00
CWE Mitre.org

Alerte pour un CWE

Restez informé de toutes modifications pour un CWE spécifique.
Gestion des alertes

Incorrect Pointer Scaling

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

Informations

Modes Of Introduction

Implementation : Programmers may try to index from a pointer by adding a number of bytes. This is incorrect because C and C++ implicitly scale the operand by the size of the data type.

Applicable Platforms

Language

Name: C (Undetermined)
Name: C++ (Undetermined)

Common Consequences

Scope Impact Likelihood
Confidentiality
Integrity		Read Memory, Modify Memory

Note: Incorrect pointer scaling will often result in buffer overflow conditions. Confidentiality can be compromised if the weakness is in the context of a buffer over-read or under-read.

Potential Mitigations

Phases : Architecture and Design
Use a platform with high-level memory abstractions.
Phases : Implementation
Always use array indexing instead of direct pointer manipulation.
Phases : Architecture and Design
Use technologies for preventing buffer overflows.

Vulnerability Mapping Notes

Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

References

REF-18

The CLASP Application Security Process
Secure Software, Inc..
https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf

REF-62

The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.

Submission

Name Organization Date Date Release Version
CLASP 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modifications

Name Organization Date Comment
Eric Dalci Cigital 2008-07-01 +00:00 updated Time_of_Introduction
KDM Analytics 2008-08-01 +00:00 added/updated white box definitions
CWE Content Team MITRE 2008-09-08 +00:00 updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
CWE Content Team MITRE 2008-11-24 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2009-05-27 +00:00 updated Demonstrative_Examples
KDM Analytics 2009-07-17 +00:00 Improved the White_Box_Definition
CWE Content Team MITRE 2009-07-27 +00:00 updated White_Box_Definitions
CWE Content Team MITRE 2009-10-29 +00:00 updated Common_Consequences
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2011-06-27 +00:00 updated Common_Consequences
CWE Content Team MITRE 2012-05-11 +00:00 updated Demonstrative_Examples, References, Relationships
CWE Content Team MITRE 2012-10-30 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2014-06-23 +00:00 updated Modes_of_Introduction, Other_Notes
CWE Content Team MITRE 2014-07-30 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2017-11-08 +00:00 updated Relationships, Taxonomy_Mappings, White_Box_Definitions
CWE Content Team MITRE 2019-01-03 +00:00 updated Relationships
CWE Content Team MITRE 2020-02-24 +00:00 updated References
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes

Plus d'informations
Cliquez sur le bouton à gauche (OFF), pour autoriser l'inscription de cookie améliorant les fonctionnalités du site. Cliquez sur le bouton à gauche (Tout accepter), pour ne plus autoriser l'inscription de cookie améliorant les fonctionnalités du site.