Description
Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.
Potential Impact
Integrity
Modify Memory
Availability
DoS: Crash, Exit, or Restart
Demonstrative Examples
struct foo{int i;}...int main(int argc, char **argv){*foo = (struct foo *)main;foo->i = 2;return foo->i;}Mitigations & Prevention
The choice could be made to use a language that is not susceptible to these issues.
Review of type casting operations can identify locations where incompatible types are cast.
Detection Methods
- Automated Static Analysis — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2021-3510 | JSON decoder accesses a C union using an invalid offset to an object |
Related Weaknesses
Taxonomy Mappings
- Software Fault Patterns: SFP7 — Faulty Pointer Use
Frequently Asked Questions
What is CWE-588?
CWE-588 (Attempt to Access Child of a Non-structure Pointer) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.
How can CWE-588 be exploited?
Attackers can exploit CWE-588 (Attempt to Access Child of a Non-structure Pointer) to modify memory. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-588?
Key mitigations include: The choice could be made to use a language that is not susceptible to these issues.
What is the severity of CWE-588?
CWE-588 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 1 real-world CVEs.