CWE-123

何をどこに書くか

Write-what-where Condition

脆弱性レビュー中

日本語説明

攻撃者が任意の場所に任意の値を書き込める状態。多くの場合、バッファオーバーフローの結果である。

原文 (English)

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

関連する脆弱性

想定される影響

Scope: Integrity, Confidentiality, Availability, Access Control / Impact: Modify Memory; Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; DoS: Crash, Exit, or Restart; Bypass Protection Mechanism

Scope: Integrity, Availability / Impact: DoS: Crash, Exit, or Restart; Modify Memory

Scope: Access Control, Other / Impact: Bypass Protection Mechanism; Other

対策・緩和策

Use a language that provides appropriate memory abstractions.

Use OS-level preventative functionality integrated after the fact. Not a complete solution.

外部リンク

MITRE公式ページ — CWE-123