CWE-468: Incorrect Pointer Scaling

CWE-468: Incorrect Pointer Scaling | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

This example attempts to calculate the position of the second byte of a pointer.

Vulnerable example

int *p = x;

In this example, second_char is intended to point to the second byte of p. But, adding 1 to p actually adds sizeof(int) to p, giving a result that is incorrect (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory-- whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment.

CWE-468: Incorrect Pointer Scaling

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-468?

What CVEs are caused by CWE-468?

How do you prevent CWE-468?

How is CWE-468 detected?

What are the consequences of CWE-468?

Is CWE-468 actively exploited?

References

Stay ahead of CWE-468

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-468?

What CVEs are caused by CWE-468?

How do you prevent CWE-468?

How is CWE-468 detected?

What are the consequences of CWE-468?

Is CWE-468 actively exploited?

References

Stay ahead of CWE-468