CWE-123
Write-what-where Condition
AI Translation Available
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
Status
draft
Abstraction
base
Likelihood
high
Affected Platforms
C
C++
Memory-Unsafe
Technical Details
AI Translation
Common Consequences
integrity
confidentiality
availability
access control
other
Impacts
modify memory
execute unauthorized code or commands
gain privileges or assume identity
dos: crash, exit, or restart
bypass protection mechanism
other
Detection Methods
automated static analysis
automated dynamic analysis
Potential Mitigations
Phases:
architecture and design
operation
Descriptions:
•
Use a language that provides appropriate memory abstractions.
•
Use OS-level preventative functionality integrated after the fact. Not a complete solution.
Functional Areas
memory management