QwikSec

Security Database

CVE

CWE

Training

CWE Database
/

CWE-823

Back to CWE list

CWE-823

Use of Out-of-range Pointer Offset

Base
Incomplete

Description

The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.

{"xhtml:p":["While a pointer can contain a reference to any arbitrary memory location, a program typically only intends to use the pointer to access limited portions of memory, such as contiguous memory used to access an individual array.","Programs may use offsets in order to access fields or sub-elements stored within structured data. The offset might be out-of-range if it comes from an untrusted source, is the result of an incorrect calculation, or occurs because of another error.","If an attacker can control or influence the offset so that it points outside of the intended boundaries of the structure, then the attacker may be able to read or write to memory locations that are used elsewhere in the product. As a result, the attack might change the state of the product as accessed through program variables, cause a crash or instable behavior, and possibly lead to code execution."]}

Common Consequences

Scope

Confidentiality

Impact

Read Memory

Scope

Availability

Impact

DoS: Crash, Exit, or Restart

Scope

Integrity
Confidentiality
Availability

Impact

Execute Unauthorized Code or Commands, Modify Memory

CVE-2010-2160

Invalid offset in undocumented opcode leads to memory corruption.

CVE-2010-1281

Multimedia player uses untrusted value from a file when using file-pointer calculations.

CVE-2009-3129

Spreadsheet program processes a record with an invalid size field, which is later used as an offset.

CVE-2009-2694

Instant messaging library does not validate an offset value specified in a packet.

CVE-2009-2687

Language interpreter does not properly handle invalid offsets in JPEG image, leading to out-of-bounds memory access and crash.

CVE-2009-0690

negative offset leads to out-of-bounds read

CVE-2008-4114

untrusted offset in kernel

CVE-2010-2873

"blind trust" of an offset value while writing heap memory allows corruption of function pointer,leading to code execution

CVE-2010-2866

negative value (signed) causes pointer miscalculation

CVE-2010-2872

signed values cause incorrect pointer calculation

+7 more examples

Applicable Platforms

Memory-Unsafe
C
C++

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now