CWE-374: Passing Mutable Objects to an Untrusted Method

BaseDraftExploit Likelihood: Medium

The product sends non-cloned mutable data as an argument to a method or function.

View on MITRE
Back to CWE Lookup

Extended Description

The function or method that has been called can alter or delete the mutable data. This could violate assumptions that the calling function has made about its state. In situations where unknown code is called with references to mutable data, this external code could make changes to the data sent. If this data was not previously cloned, the modified data might not be valid in the context of execution.

Technical Details

Structure
Simple

Applicable To

Languages
CC++JavaC#
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-374

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references