Meta attack pattern
Draft
Log in
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.
Last updated
CAPEC-129 (Pointer Manipulation) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
Common questions about CAPEC-129.
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.
CAPEC-129 exploits 3 CWE weaknesses, including CWE-682 (Incorrect Calculation), CWE-822 (Untrusted Pointer Dereference), CWE-823 (Use of Out-of-range Pointer Offset).
MITRE rates CAPEC-129 as Medium severity.
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.