CWE-1105: Insufficient Encapsulation of Machine-Dependent Functionality
The product or code uses machine-dependent functionality, but it does not sufficiently encapsulate or isolate this functionality from the rest of the code.
View on MITREExtended Description
This issue makes it more difficult to port or maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.
Technical Details
- Structure
- Simple
Applicable To
Security Consequences
Scope
Impact
Mitigation Strategies
No mitigation information available for this CWE.
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
Demonstrative Examples
In this example function, the memory address of variable b is derived by adding 1 to the address of variable a. This derived address is then used to assign the value 0 to b.
Here, b may not be one byte past a. It may be one byte in front of a. Or, they may have three bytes between them because they are aligned on 32-bit boundaries.
CWE Relationships
Frequently Asked Questions
What is CWE-1105: Insufficient Encapsulation of Machine-Dependent Functionality?+
CWE-1105: Insufficient Encapsulation of Machine-Dependent Functionality is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product or code uses machine-dependent functionality, but it does not sufficiently encapsulate or isolate this functionality from the rest of the code. This issue makes it more difficult to port or maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.
What are the security consequences of Insufficient Encapsulation of Machine-Dependent Functionality?+
If exploited, CWE-1105 (Insufficient Encapsulation of Machine-Dependent Functionality) it can compromise Other, leading to outcomes such as Reduce Maintainability.
What is the difference between a CWE and a CVE?+
A CWE (Common Weakness Enumeration) like CWE-1105 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.