Reliance on Data/Memory LayoutID: 188 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The software makes invalid assumptions about how protocol data
or memory is organized at a lower level, resulting in unintended program
behavior.
Likelihood of Exploit: Low
Applicable PlatformsLanguage: CLanguage: C++
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
Scope | Technical Impact | Notes |
---|
IntegrityConfidentiality | Modify memoryRead memory | Can result in unintended modifications or exposure of sensitive
memory. |
Detection MethodsNone
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|
ImplementationArchitecture and Design | | In flat address space situations, never allow computing memory
addresses as offsets from another memory address. | | |
Architecture and Design | | Fully specify protocol layout unambiguously, providing a structured
grammar (e.g., a compilable yacc grammar). | | |
Testing | | Testing: Test that the implementation properly handles each case in
the protocol grammar. | | |
Relationships
Related CWE | Type | View | Chain |
---|
CWE-188 ChildOf CWE-907 | Category | CWE-888 | |
Demonstrative ExamplesNone
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
Taxynomy | Id | Name | Fit |
---|
CLASP | | Reliance on data layout | |
References:
- Mark Dowd John McDonald Justin Schuh .The Art of Software Security Assessment 1st Edition. Addison Wesley. Section:'Chapter 6, "Structure Padding", Page 284.'. Published on 2006.