Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE VIEW:Modify Memory (impact)
ID:BOSS-331
Vulnerability Mapping:Prohibited
Type:Implicit
Status:Draft
DetailsContent HistoryObserved CVE ExamplesReports
▼Objective

This view categorizes and displays weaknesses based on the 'Modify Memory' consequence impact.

▼Memberships
NatureMappingTypeIDName
HasMemberDiscouragedC119Improper Restriction of Operations within the Bounds of a Memory Buffer
HasMemberAllowedB1190DMA Device Enabled Too Early in Boot Phase
HasMemberAllowedB1191On-Chip Debug and Test Interface With Improper Access Control
HasMemberAllowed-with-ReviewB120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
HasMemberAllowedV121Stack-based Buffer Overflow
HasMemberAllowedV122Heap-based Buffer Overflow
HasMemberAllowedB1220Insufficient Granularity of Access Control
HasMemberAllowedB123Write-what-where Condition
HasMemberAllowedB1231Improper Prevention of Lock Bit Modification
HasMemberAllowedB1232Improper Lock Behavior After Power State Transition
HasMemberAllowedB1233Security-Sensitive Hardware Controls with Missing Lock Bit Protection
HasMemberAllowedB124Buffer Underwrite ('Buffer Underflow')
HasMemberAllowedB1242Inclusion of Undocumented Features or Chicken Bits
HasMemberAllowedB1243Sensitive Non-Volatile Information Not Protected During Debug
HasMemberAllowedB1244Internal Asset Exposed to Unsafe Debug Access Level or State
HasMemberAllowedB1247Improper Protection Against Voltage and Clock Glitches
HasMemberAllowedB1253Incorrect Selection of Fuse Values
HasMemberAllowedV1255Comparison Logic is Vulnerable to Power Side-Channel Attacks
HasMemberAllowedB1256Improper Restriction of Software Interfaces to Hardware Features
HasMemberAllowedB1257Improper Access Control Applied to Mirrored or Aliased Memory Regions
HasMemberAllowedB1259Improper Restriction of Security Token Assignment
HasMemberAllowedB1260Improper Handling of Overlap Between Protected Memory Ranges
HasMemberAllowedB1262Improper Access Control for Register Interface
HasMemberAllowedB1267Policy Uses Obsolete Encoding
HasMemberAllowedB1268Policy Privileges are not Assigned Consistently Between Control and Data Agents
HasMemberAllowedB1270Generation of Incorrect Security Tokens
HasMemberAllowedB1273Device Unlock Credential Sharing
HasMemberAllowedB1274Improper Access Control for Volatile Memory Containing Boot Code
HasMemberAllowedB128Wrap-around Error
HasMemberAllowedB1280Access Control Check Implemented After Asset is Accessed
HasMemberAllowedV129Improper Validation of Array Index
HasMemberAllowedB1290Incorrect Decoding of Security Identifiers
HasMemberAllowedB1291Public Key Re-Use for Signing both Debug and Production Code
HasMemberAllowedB1292Incorrect Conversion of Security Identifiers
HasMemberAllowed-with-ReviewC1294Insecure Security Identifier Mechanism
HasMemberAllowedB1296Incorrect Chaining or Granularity of Debug Components
HasMemberAllowedB1297Unprotected Confidential Information on Device is Accessible by OSAT Vendors
HasMemberAllowedB1299Missing Protection Mechanism for Alternate Hardware Interface
HasMemberAllowedB130Improper Handling of Length Parameter Inconsistency
HasMemberAllowedB1302Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)
HasMemberAllowedB131Incorrect Calculation of Buffer Size
HasMemberAllowedB1311Improper Translation of Security Attributes by Fabric Bridge
HasMemberAllowedB1312Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
HasMemberAllowedB1313Hardware Allows Activation of Test or Debug Logic at Runtime
HasMemberAllowedB1315Improper Setting of Bus Controlling Capability in Fabric End-point
HasMemberAllowedB1316Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
HasMemberAllowedB1317Improper Access Control in Fabric Bridge
HasMemberAllowedB1318Missing Support for Security Features in On-chip Fabrics or Buses
HasMemberAllowedB1319Improper Protection against Electromagnetic Fault Injection (EM-FI)
HasMemberAllowedB1326Missing Immutable Root of Trust in Hardware
HasMemberAllowedV1330Remanent Data Readable after Memory Erase
HasMemberAllowedB134Use of Externally-Controlled Format String
HasMemberAllowedB1342Information Exposure through Microarchitectural State after Transient Execution
HasMemberAllowedB1429Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface
HasMemberAllowedB170Improper Null Termination
HasMemberAllowedB188Reliance on Data/Memory Layout
HasMemberAllowedB190Integer Overflow or Wraparound
HasMemberAllowedB191Integer Underflow (Wrap or Wraparound)
HasMemberAllowedB193Off-by-one Error
HasMemberAllowedV194Unexpected Sign Extension
HasMemberAllowedV196Unsigned to Signed Conversion Error
HasMemberAllowedB197Numeric Truncation Error
HasMemberDiscouragedC20Improper Input Validation
HasMemberAllowedB364Signal Handler Race Condition
HasMemberAllowedB367Time-of-check Time-of-use (TOCTOU) Race Condition
HasMemberAllowedB374Passing Mutable Objects to an Untrusted Method
HasMemberAllowedB375Returning a Mutable Object to an Untrusted Caller
HasMemberAllowedV415Double Free
HasMemberAllowedV416Use After Free
HasMemberAllowedB466Return of Pointer Value Outside of Expected Range
HasMemberAllowedV467Use of sizeof() on a Pointer Type
HasMemberAllowedB468Incorrect Pointer Scaling
HasMemberAllowedB469Use of Pointer Subtraction to Determine Size
HasMemberAllowedB476NULL Pointer Dereference
HasMemberAllowedV479Signal Handler Use of a Non-reentrant Function
HasMemberAllowedB562Return of Stack Variable Address
HasMemberAllowedV587Assignment of a Fixed Address to a Pointer
HasMemberAllowedV588Attempt to Access Child of a Non-structure Pointer
HasMemberAllowedV590Free of Memory not on the Heap
HasMemberAllowedB663Use of a Non-reentrant Function in a Concurrent Context
HasMemberDiscouragedC680Integer Overflow to Buffer Overflow
HasMemberDiscouragedC690Unchecked Return Value to NULL Pointer Dereference
HasMemberAllowedV761Free of Pointer not at Start of Buffer
HasMemberAllowedV762Mismatched Memory Management Routines
HasMemberAllowedB763Release of Invalid Pointer or Reference
HasMemberAllowedB765Multiple Unlocks of a Critical Resource
HasMemberAllowedV781Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
HasMemberAllowedV785Use of Path Manipulation Function without Maximum-sized Buffer
HasMemberDiscouragedB786Access of Memory Location Before Start of Buffer
HasMemberAllowedB787Out-of-bounds Write
HasMemberDiscouragedB788Access of Memory Location After End of Buffer
HasMemberAllowedB805Buffer Access with Incorrect Length Value
HasMemberAllowedV806Buffer Access Using Size of Source Buffer
HasMemberAllowedB822Untrusted Pointer Dereference
HasMemberAllowedB823Use of Out-of-range Pointer Offset
HasMemberAllowedB826Premature Release of Resource During Expected Lifetime
HasMemberAllowedB832Unlock of a Resource that is not Locked
HasMemberAllowedB839Numeric Range Comparison Without Minimum Check
HasMemberAllowedB843Access of Resource Using Incompatible Type ('Type Confusion')
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 119
Name: Improper Restriction of Operations within the Bounds of a Memory Buffer
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1190
Name: DMA Device Enabled Too Early in Boot Phase
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1191
Name: On-Chip Debug and Test Interface With Improper Access Control
Nature: HasMember
Mapping: Allowed-with-Review
Type: Base
ID: 120
Name: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 121
Name: Stack-based Buffer Overflow
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 122
Name: Heap-based Buffer Overflow
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1220
Name: Insufficient Granularity of Access Control
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 123
Name: Write-what-where Condition
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1231
Name: Improper Prevention of Lock Bit Modification
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1232
Name: Improper Lock Behavior After Power State Transition
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1233
Name: Security-Sensitive Hardware Controls with Missing Lock Bit Protection
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 124
Name: Buffer Underwrite ('Buffer Underflow')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1242
Name: Inclusion of Undocumented Features or Chicken Bits
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1243
Name: Sensitive Non-Volatile Information Not Protected During Debug
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1244
Name: Internal Asset Exposed to Unsafe Debug Access Level or State
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1247
Name: Improper Protection Against Voltage and Clock Glitches
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1253
Name: Incorrect Selection of Fuse Values
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 1255
Name: Comparison Logic is Vulnerable to Power Side-Channel Attacks
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1256
Name: Improper Restriction of Software Interfaces to Hardware Features
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1257
Name: Improper Access Control Applied to Mirrored or Aliased Memory Regions
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1259
Name: Improper Restriction of Security Token Assignment
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1260
Name: Improper Handling of Overlap Between Protected Memory Ranges
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1262
Name: Improper Access Control for Register Interface
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1267
Name: Policy Uses Obsolete Encoding
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1268
Name: Policy Privileges are not Assigned Consistently Between Control and Data Agents
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1270
Name: Generation of Incorrect Security Tokens
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1273
Name: Device Unlock Credential Sharing
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1274
Name: Improper Access Control for Volatile Memory Containing Boot Code
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 128
Name: Wrap-around Error
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1280
Name: Access Control Check Implemented After Asset is Accessed
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 129
Name: Improper Validation of Array Index
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1290
Name: Incorrect Decoding of Security Identifiers
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1291
Name: Public Key Re-Use for Signing both Debug and Production Code
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1292
Name: Incorrect Conversion of Security Identifiers
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 1294
Name: Insecure Security Identifier Mechanism
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1296
Name: Incorrect Chaining or Granularity of Debug Components
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1297
Name: Unprotected Confidential Information on Device is Accessible by OSAT Vendors
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1299
Name: Missing Protection Mechanism for Alternate Hardware Interface
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 130
Name: Improper Handling of Length Parameter Inconsistency
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1302
Name: Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 131
Name: Incorrect Calculation of Buffer Size
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1311
Name: Improper Translation of Security Attributes by Fabric Bridge
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1312
Name: Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1313
Name: Hardware Allows Activation of Test or Debug Logic at Runtime
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1315
Name: Improper Setting of Bus Controlling Capability in Fabric End-point
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1316
Name: Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1317
Name: Improper Access Control in Fabric Bridge
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1318
Name: Missing Support for Security Features in On-chip Fabrics or Buses
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1319
Name: Improper Protection against Electromagnetic Fault Injection (EM-FI)
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1326
Name: Missing Immutable Root of Trust in Hardware
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 1330
Name: Remanent Data Readable after Memory Erase
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 134
Name: Use of Externally-Controlled Format String
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1342
Name: Information Exposure through Microarchitectural State after Transient Execution
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1429
Name: Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 170
Name: Improper Null Termination
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 188
Name: Reliance on Data/Memory Layout
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 190
Name: Integer Overflow or Wraparound
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 191
Name: Integer Underflow (Wrap or Wraparound)
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 193
Name: Off-by-one Error
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 194
Name: Unexpected Sign Extension
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 196
Name: Unsigned to Signed Conversion Error
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 197
Name: Numeric Truncation Error
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 20
Name: Improper Input Validation
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 364
Name: Signal Handler Race Condition
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 367
Name: Time-of-check Time-of-use (TOCTOU) Race Condition
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 374
Name: Passing Mutable Objects to an Untrusted Method
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 375
Name: Returning a Mutable Object to an Untrusted Caller
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 415
Name: Double Free
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 416
Name: Use After Free
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 466
Name: Return of Pointer Value Outside of Expected Range
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 467
Name: Use of sizeof() on a Pointer Type
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 468
Name: Incorrect Pointer Scaling
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 469
Name: Use of Pointer Subtraction to Determine Size
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 476
Name: NULL Pointer Dereference
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 479
Name: Signal Handler Use of a Non-reentrant Function
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 562
Name: Return of Stack Variable Address
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 587
Name: Assignment of a Fixed Address to a Pointer
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 588
Name: Attempt to Access Child of a Non-structure Pointer
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 590
Name: Free of Memory not on the Heap
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 663
Name: Use of a Non-reentrant Function in a Concurrent Context
Nature: HasMember
Mapping: Discouraged
Type: Compound
ID: 680
Name: Integer Overflow to Buffer Overflow
Nature: HasMember
Mapping: Discouraged
Type: Compound
ID: 690
Name: Unchecked Return Value to NULL Pointer Dereference
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 761
Name: Free of Pointer not at Start of Buffer
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 762
Name: Mismatched Memory Management Routines
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 763
Name: Release of Invalid Pointer or Reference
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 765
Name: Multiple Unlocks of a Critical Resource
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 781
Name: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 785
Name: Use of Path Manipulation Function without Maximum-sized Buffer
Nature: HasMember
Mapping: Discouraged
Type: Base
ID: 786
Name: Access of Memory Location Before Start of Buffer
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 787
Name: Out-of-bounds Write
Nature: HasMember
Mapping: Discouraged
Type: Base
ID: 788
Name: Access of Memory Location After End of Buffer
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 805
Name: Buffer Access with Incorrect Length Value
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 806
Name: Buffer Access Using Size of Source Buffer
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 822
Name: Untrusted Pointer Dereference
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 823
Name: Use of Out-of-range Pointer Offset
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 826
Name: Premature Release of Resource During Expected Lifetime
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 832
Name: Unlock of a Resource that is not Locked
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 839
Name: Numeric Range Comparison Without Minimum Check
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 843
Name: Access of Resource Using Incompatible Type ('Type Confusion')
▼Vulnerability Mapping Notes
Usage:Prohibited
Reason:View
Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.

▼Notes
▼Audience
StakeholderDescription
▼References
Expand AllCollapse All
BOSS-331 - Modify Memory (impact)
Details not found