ByteOS Network

CWE-588:Attempt to Access Child of a Non-structure Pointer

Weakness ID:588

Version:v4.17

Weakness Name:Attempt to Access Child of a Non-structure Pointer

Vulnerability Mapping:Allowed

Abstraction:Variant

Structure:Simple

Status:Incomplete

Details Content History Observed CVE Examples Reports

▼Description

Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.

▼Relationships

Relevant to the view"Research Concepts - (1000)"

Nature	Mapping	Type	ID	Name
ChildOf	Allowed-with-Review	C	704	Incorrect Type Conversion or Cast
ChildOf	Allowed-with-Review	C	758	Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Nature: ChildOf

Mapping: Allowed-with-Review

Type: Class

ID: 704

Name: Incorrect Type Conversion or Cast

Nature: ChildOf

Mapping: Allowed-with-Review

Type: Class

ID: 758

Name: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

▼Memberships

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	C	971	SFP Secondary Cluster: Faulty Pointer Use
MemberOf	Prohibited	C	1416	Comprehensive Categorization: Resource Lifecycle Management

Nature: MemberOf

Mapping: Prohibited

Type:Category

ID: 971

Name: SFP Secondary Cluster: Faulty Pointer Use

Nature: MemberOf

Mapping: Prohibited

Type:Category

ID: 1416

Name: Comprehensive Categorization: Resource Lifecycle Management

▼Tags

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	BS	BOSS-324	DoS: Crash, Exit, or Restart (impact)
MemberOf	Prohibited	BS	BOSS-331	Modify Memory (impact)

Nature: MemberOf

Mapping: Prohibited

Type:BOSSView

ID: BOSS-324

Name: DoS: Crash, Exit, or Restart (impact)

Nature: MemberOf

Mapping: Prohibited

Type:BOSSView

ID: BOSS-331

Name: Modify Memory (impact)

▼Relevant To View

Relevant to the view"Software Fault Pattern (SFP) Clusters - (888)"

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	C	971	SFP Secondary Cluster: Faulty Pointer Use

Nature: MemberOf

Mapping: Prohibited

Type: Category

ID: 971

Name: SFP Secondary Cluster: Faulty Pointer Use

▼Common Consequences

Scope	Likelihood	Impact	Note
Integrity	N/A	Modify Memory	Adjacent variables in memory may be corrupted by assignments performed on fields after the cast.
Availability	N/A	DoS: Crash, Exit, or Restart	Execution may end due to a memory access error.

Scope: Integrity

Likelihood: N/A

Impact: Modify Memory

Note:

Adjacent variables in memory may be corrupted by assignments performed on fields after the cast.

Scope: Availability

Likelihood: N/A

Impact: DoS: Crash, Exit, or Restart

Note:

Execution may end due to a memory access error.

▼Potential Mitigations

Phase:Requirements

Description:

The choice could be made to use a language that is not susceptible to these issues.

Phase:Implementation

Description:

Review of type casting operations can identify locations where incompatible types are cast.

▼Modes Of Introduction

Phase: Implementation

Note:

N/A

▼Demonstrative Examples

Example 1

The following example demonstrates the weakness.

Language: C(Bad code)

struct foo { int i; } ... int main(int argc, char **argv) { *foo = (struct foo *)main; foo->i = 2; return foo->i; }

▼Observed Examples

Reference	Description
CVE-2021-3510	JSON decoder accesses a C union using an invalid offset to an object

Reference: CVE-2021-3510

Description:

JSON decoder accesses a C union using an invalid offset to an object

▼Vulnerability Mapping Notes

Usage:Allowed

Reason:Acceptable-Use

Rationale:

This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

▼Taxonomy Mappings

Taxonomy Name	Entry ID	Fit	Entry Name
Software Fault Patterns	SFP7	N/A	Faulty Pointer Use

Taxonomy Name: Software Fault Patterns

Entry ID: SFP7

Fit: N/A

Entry Name: Faulty Pointer Use