Description
A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
Potential Impact
Confidentiality, Integrity
Read Memory, Modify Memory
Detection Methods
- Automated Static Analysis — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea
- Automated Dynamic Analysis Moderate — Use tools that are integrated during compilation to insert runtime error-checking mechanisms related to memory safety errors, such as AddressSanitizer (ASan) for C/C++ [REF-1518].
Related Weaknesses
Taxonomy Mappings
- 7 Pernicious Kingdoms: — Illegal Pointer Value
- Software Fault Patterns: SFP1 — Glitch in computation
Frequently Asked Questions
What is CWE-466?
CWE-466 (Return of Pointer Value Outside of Expected Range) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
How can CWE-466 be exploited?
Attackers can exploit CWE-466 (Return of Pointer Value Outside of Expected Range) to read memory, modify memory. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-466?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-466?
CWE-466 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.