CAPEC-129
Alert dla konkretnego CAPEC
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CAPEC.
Opisy CAPEC
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.
Informacje CAPEC
Wymagania wstępne
The target application must have a pointer variable that the attacker can influence to hold an arbitrary value.Wymagane zasoby
None: No specialized resources are required to execute this type of attack.Powiązane słabości
| Nazwa słabości | |
|---|---|
CWE-682 |
Incorrect Calculation The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. |
CWE-822 |
Untrusted Pointer Dereference The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. |
CWE-823 |
Use of Out-of-range Pointer Offset The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. |
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Description Summary, Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Resources_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses |
