Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function.

What are the consequences of CWE-375?

Exploiting CWE-375 can lead to: Modify Memory.

CWE-375: Returning a Mutable Object to an Untrusted Caller

How to prevent it

Practical mitigations for CWE-375, grouped by where in the lifecycle they apply.

Implementation

Declare returned data which should not be altered as constant or immutable.

Implementation

Clone all mutable data before returning references to it. This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.

CWE-375: Returning a Mutable Object to an Untrusted Caller

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

This class has a private list of patients, but provides a way to see the list :

Vulnerable example

java

public class ClinicalTrial {

While this code only means to allow reading of the patient list, the getPatients() method returns a reference to the class's original patient list instead of a reference to a copy of the list. Any caller of this method can arbitrarily modify the contents of the patient list even though it is a private member of the class.

How to prevent it

CWE-375: Returning a Mutable Object to an Untrusted Caller

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-375?

How do you prevent CWE-375?

What are the consequences of CWE-375?

References

Stay ahead of CWE-375

How to prevent it

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-375?

How do you prevent CWE-375?

What are the consequences of CWE-375?

References

Stay ahead of CWE-375