1. Home
  2. CWE Database
  3. CWE-587
Variant · Low-Medium

CWE-587: Assignment of a Fixed Address to a Pointer

The product sets a pointer to a specific address other than NULL or 0.

CWE-587 · Variant Level ·1 Mitigations

Description

The product sets a pointer to a specific address other than NULL or 0.

Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.

Potential Impact

Integrity, Confidentiality, Availability

Execute Unauthorized Code or Commands

Availability

DoS: Crash, Exit, or Restart, Reduce Maintainability, Reduce Reliability

Confidentiality, Integrity

Read Memory, Modify Memory

Demonstrative Examples

This code assumes a particular function will always be found at a particular address. It assigns a pointer to that address and calls the function.
Bad
int (*pt2Function) (float, char, char)=0x08040000;int result2 = (*pt2Function) (12, 'a', 'b');
                     // Here we can inject code to execute.
The same function may not always be found at the same memory address. This could lead to a crash, or an attacker may alter the memory at the expected address, leading to arbitrary code execution.

Mitigations & Prevention

Implementation

Never set a pointer to a fixed address.

Detection Methods

  • Automated Static Analysis — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea
  • Automated Dynamic Analysis Moderate — Use tools that are integrated during compilation to insert runtime error-checking mechanisms related to memory safety errors, such as AddressSanitizer (ASan) for C/C++ [REF-1518].

CWE-344: Use of Invariant Value in Dynamically Changing Context

The product uses a constant value, name, or reference, but this value can (or should) vary across different environments...

CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

The product uses an API function, data structure, or other entity in a way that relies on properties that are not always...

Taxonomy Mappings

  • CERT C Secure Coding: INT36-C — Converting a pointer to integer or integer to pointer
  • Software Fault Patterns: SFP1 — Glitch in computation

Frequently Asked Questions

What is CWE-587?

CWE-587 (Assignment of a Fixed Address to a Pointer) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product sets a pointer to a specific address other than NULL or 0.

How can CWE-587 be exploited?

Attackers can exploit CWE-587 (Assignment of a Fixed Address to a Pointer) to execute unauthorized code or commands. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-587?

Key mitigations include: Never set a pointer to a fixed address.

What is the severity of CWE-587?

CWE-587 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.