CWE-588: Attempt to Access Child of a Non-structure Pointer

Description

Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.

Extended Description

N/A

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

CVE: CVE-2021-3510

JSON decoder accesses a C union using an invalid offset to an object

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Impact: Modify Memory — Notes: Adjacent variables in memory may be corrupted by assignments performed on fields after the cast.
Impact: DoS: Crash, Exit, or Restart — Notes: Execution may end due to a memory access error.

Potential Mitigations

Requirements: The choice could be made to use a language that is not susceptible to these issues. (N/A)
Implementation: Review of type casting operations can identify locations where incompatible types are cast. (N/A)

Applicable Platforms

None listed.

Demonstrative Examples

Intro: The following example demonstrates the weakness.

struct foo { int i; } ... int main(int argc, char **argv) { *foo = (struct foo *)main; foo->i = 2; return foo->i; }

Notes

No notes available.

← Back to CWE list