In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.
View on MITREIncorrect pointer scaling will often result in buffer overflow conditions. Confidentiality can be compromised if the weakness is in the context of a buffer over-read or under-read.
Use a platform with high-level memory abstractions.
Always use array indexing instead of direct pointer manipulation.
Use technologies for preventing buffer overflows.
No detection method information available for this CWE.
This example attempts to calculate the position of the second byte of a pointer.
In this example, second_char is intended to point to the second byte of p. But, adding 1 to p actually adds sizeof(int) to p, giving a result that is incorrect (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory-- whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment.
No relationship information available for this CWE.
CWE-468: Incorrect Pointer Scaling is a Common Weakness Enumeration (CWE) entry maintained by MITRE. In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.
If exploited, CWE-468 (Incorrect Pointer Scaling) it can compromise Confidentiality and Integrity, leading to outcomes such as Read Memory and Modify Memory.
Recommended mitigations for CWE-468 include: Use a platform with high-level memory abstractions. Always use array indexing instead of direct pointer manipulation. Use technologies for preventing buffer overflows.
CWE-468 commonly affects C and C++. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-468 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.