Reliance on Data/Memory Layout| ID: 188 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Base |
Description
The software makes invalid assumptions about how protocol data
or memory is organized at a lower level, resulting in unintended program
behavior.
Likelihood of Exploit: Low
Applicable PlatformsLanguage: CLanguage: C++
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| IntegrityConfidentiality | Modify memoryRead memory | Can result in unintended modifications or exposure of sensitive
memory. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| ImplementationArchitecture and Design | | In flat address space situations, never allow computing memory
addresses as offsets from another memory address. | | |
| Architecture and Design | | Fully specify protocol layout unambiguously, providing a structured
grammar (e.g., a compilable yacc grammar). | | |
| Testing | | Testing: Test that the implementation properly handles each case in
the protocol grammar. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-188 ChildOf CWE-907 | Category | CWE-888 | |
Demonstrative ExamplesNone
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| CLASP | | Reliance on data layout | |
References:
- Mark Dowd John McDonald Justin Schuh .The Art of Software Security Assessment 1st Edition. Addison Wesley. Section:'Chapter 6, "Structure Padding", Page 284.'. Published on 2006.
