The product or code uses machine-dependent functionality, but it does not sufficiently encapsulate or isolate this functionality from the rest of the code.
This issue makes it more difficult to port or maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.
Threat Mapped score: 0.0
Industry: Finiancial
Threat priority: Unclassified
N/A
N/A
| Phase | Note |
|---|---|
| None listed. | |
Intro: In this example function, the memory address of variable b is derived by adding 1 to the address of variable a. This derived address is then used to assign the value 0 to b.
Body: Here, b may not be one byte past a. It may be one byte in front of a. Or, they may have three bytes between them because they are aligned on 32-bit boundaries.
void example() { char a; char b; *(&a + 1) = 0; }