CWE-468: Incorrect Pointer Scaling

BaseIncompleteExploit Likelihood: Medium

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

View on MITRE
Back to CWE Lookup

Technical Details

Structure
Simple

Applicable To

Languages
CC++
Platforms

Frequently Asked Questions

What is CWE-468: Incorrect Pointer Scaling?+

CWE-468: Incorrect Pointer Scaling is a Common Weakness Enumeration (CWE) entry maintained by MITRE. In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

What are the security consequences of Incorrect Pointer Scaling?+

If exploited, CWE-468 (Incorrect Pointer Scaling) it can compromise Confidentiality and Integrity, leading to outcomes such as Read Memory and Modify Memory.

How do you prevent or mitigate Incorrect Pointer Scaling?+

Recommended mitigations for CWE-468 include: Use a platform with high-level memory abstractions. Always use array indexing instead of direct pointer manipulation. Use technologies for preventing buffer overflows.

Which programming languages are affected by Incorrect Pointer Scaling?+

CWE-468 commonly affects C and C++. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-468 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More