This vulnerability occurs when software takes a value from an untrusted source, treats it as a memory address (a pointer), and then accesses that memory location directly for reading or writing.
An attacker can exploit this by providing a pointer to unexpected memory regions. If the software writes to this location, it could corrupt critical data, crash the program, or even allow code execution. If it reads from the location, it might leak sensitive information, cause a crash, or use an arbitrary value from memory, leading to unpredictable behavior. This weakness appears in several forms. For example, the untrusted value might be called directly as a function pointer. In operating system kernels, untrusted pointers can cross the boundary from user space into privileged memory via system calls. It also often arises when code designed for a trusted, isolated environment is later exposed to untrusted network input without proper validation of pointer values.
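The contrast between the vulnerable pattern and its usual remedy, shown as an added example that is not part of the original page: a network service that dereferences a raw pointer value carried in a request, next to the hardened form in which the request carries an opaque handle (a table index) that the service validates against memory it owns before touching anything. The record table, message layout and function names (`vulnerable_get_id`, `handle_from_wire`, `resolve_handle`, `safe_get_id`) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a small record table owned by a network service. */
typedef struct {
    uint32_t id;
    char     name[16];
} record_t;

static record_t records[4] = {
    {1, "alpha"}, {2, "bravo"}, {3, "charlie"}, {4, "delta"}
};
#define RECORD_COUNT (sizeof(records) / sizeof(records[0]))

/* Vulnerable pattern: the wire message carries a raw pointer value and the
 * service dereferences it as-is. A peer can put any address here, so the
 * service reads (or, in a write path, corrupts) memory of the peer's choosing.
 * Kept only to contrast with the hardened version; main() calls it solely
 * with a pointer the program itself owns. */
typedef struct {
    uint64_t record_ptr;            /* pointer value taken from the network */
} raw_request_t;

int vulnerable_get_id(const raw_request_t *req) {
    const record_t *r = (const record_t *)(uintptr_t)req->record_ptr;
    return (int)r->id;              /* untrusted pointer dereference */
}

/* Hardened pattern: the wire message carries an opaque handle (a table index),
 * and the service resolves it against memory it owns. An out-of-range handle
 * is rejected before any memory is touched. */
typedef struct {
    uint32_t record_handle;
} handle_request_t;

/* Decode the 4-byte little-endian handle from a received message.
 * Returns 0 on success, -1 if the message is too short. */
int handle_from_wire(const uint8_t *buf, size_t len, handle_request_t *out) {
    if (buf == NULL || out == NULL || len < 4) return -1;
    out->record_handle = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                         ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    return 0;
}

/* Resolve a handle to a record the service owns; NULL for anything else. */
const record_t *resolve_handle(uint32_t handle) {
    if (handle >= RECORD_COUNT) return NULL;
    return &records[handle];
}

/* Returns the record id, or -1 when the handle does not name a valid record. */
int safe_get_id(const handle_request_t *req) {
    const record_t *r = resolve_handle(req->record_handle);
    if (r == NULL) return -1;
    return (int)r->id;
}

int main(void) {
    /* The vulnerable path behaves normally with a well-formed request, which
     * is why the defect survives ordinary testing: only a hostile pointer
     * value exposes it. */
    raw_request_t benign = { (uint64_t)(uintptr_t)&records[1] };
    printf("vulnerable path, benign pointer: id=%d\n", vulnerable_get_id(&benign));

    /* Hardened path: a valid handle resolves, an out-of-range one is refused. */
    const uint8_t good_msg[4] = { 0x02, 0x00, 0x00, 0x00 };   /* handle 2 */
    const uint8_t bad_msg[4]  = { 0xff, 0xff, 0xff, 0xff };   /* handle 2^32-1 */
    handle_request_t req;
    if (handle_from_wire(good_msg, sizeof good_msg, &req) == 0)
        printf("handle %u -> id=%d\n", req.record_handle, safe_get_id(&req));
    if (handle_from_wire(bad_msg, sizeof bad_msg, &req) == 0)
        printf("handle %u -> id=%d (rejected)\n", req.record_handle, safe_get_id(&req));
    return 0;
}
```

The design point is that the untrusted side never supplies an address at all: it supplies a name for an object, and the trusted side decides which memory, if any, that name maps to. The same indirection is what a kernel's handle or file-descriptor table provides at the user/kernel boundary mentioned above, and validating the index against the table's bounds is the check that must never be skipped.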
Impact: Read Memory
If the untrusted pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.
Impact: DoS: Crash, Exit, or Restart
If the untrusted pointer references a memory location that is not accessible to the product, or points to a location that is "malformed" or larger than expected by a read or write operation, the application may terminate unexpectedly.
Impact: Execute Unauthorized Code or Commands; Modify Memory
If the untrusted pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.