CWE-123
Write-what-where Condition
Description
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact: Modify Memory; Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; DoS: Crash, Exit, or Restart; Bypass Protection Mechanism
Scope
Impact: DoS: Crash, Exit, or Restart; Modify Memory
Scope
Impact: Bypass Protection Mechanism; Other
Potential Mitigations
Use a language that provides appropriate memory abstractions.
Use OS-level preventative functionality integrated after the fact. Not a complete solution.
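The following C sketch is an added illustration, not part of the CWE entry: an unchecked copy overruns a buffer into an adjacent pointer, so a later store writes a caller-chosen value to a caller-chosen address, and a bounds-checked variant stops it. The struct, the function names and the sample input are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record: a fixed buffer sits directly before a pointer
   that the program later stores through. */
struct record {
    char name[16];
    uint32_t *counter;            /* "where": destination of a later store */
};

/* Vulnerable: trusts the caller's length, so bytes past name[] replace the
   counter pointer. Copying via the struct's base keeps the demo in one object. */
void set_name_unsafe(struct record *r, const void *src, size_t len) {
    memcpy((unsigned char *)r, src, len);   /* no check against sizeof r->name */
}

/* Hardened: reject input that does not fit and always NUL-terminate. */
int set_name_checked(struct record *r, const char *src, size_t len) {
    if (len >= sizeof r->name) return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* The later, legitimate-looking store; "what" is value. */
void bump(struct record *r, uint32_t value) { *r->counter = value; }

/* Returns 1 if the oversized input redirected the store to `other`. */
int demo(int use_checked) {
    uint32_t counter = 0, other = 0;
    struct record r = { "", &counter };
    unsigned char input[sizeof r];          /* constructed sample input */
    uint32_t *target = &other;
    memset(input, 'A', sizeof input);
    memcpy(input + offsetof(struct record, counter), &target, sizeof target);
    if (use_checked) (void)set_name_checked(&r, (const char *)input, sizeof input);
    else set_name_unsafe(&r, input, sizeof input);
    bump(&r, 0x41414141u);
    return other == 0x41414141u;
}

int main(void) {
    printf("unchecked copy redirected the store: %d\n", demo(0));
    printf("checked copy redirected the store:   %d\n", demo(1));
    return 0;
}
```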
CVE-2019-19911: Chain: Python library does not limit the resources used to process images that specify a very large number of bands (CWE-1284), leading to excessive memory consumption (CWE-789) or an integer overflow (CWE-190).
CVE-2022-0545: Chain: 3D renderer has an integer overflow (CWE-190) leading to write-what-where condition (CWE-123) using a crafted image.
Applicable Platforms