CWE-587 将一个固定地址复制给指针类漏洞列表 1

CWE-587 将一个固定地址复制给指针类弱点 1 条 CVE 漏洞汇总，含 AI 中文分析。

CWE-587属于内存管理漏洞，指将指针直接赋值给固定地址而非空值。由于不同平台内存布局差异，该地址往往无效，导致程序崩溃或不可移植。攻击者可利用此缺陷引发拒绝服务，或在特定环境下触发任意代码执行。开发者应避免硬编码地址，改用动态内存分配或相对寻址，确保代码在不同环境中的兼容性与稳定性。

MITRE CWE 官方描述

CWE：CWE-587 将固定地址赋值给指针 (Assignment of a Fixed Address to a Pointer) 英文：产品将指针设置为除 NULL 或 0 以外的特定地址。使用固定地址不具备可移植性，因为该地址在所有环境或平台中可能均无效。

常见影响 (3)

Integrity, Confidentiality, AvailabilityExecute Unauthorized Code or Commands

If one executes code at a known location, an attacker might be able to inject code there beforehand.

AvailabilityDoS: Crash, Exit, or Restart, Reduce Maintainability, Reduce Reliability

If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.

Confidentiality, IntegrityRead Memory, Modify Memory

The data at a known pointer location can be easily read or influenced by an attacker.

缓解措施 (1)

ImplementationNever set a pointer to a fixed address.

代码示例 (1)

This code assumes a particular function will always be found at a particular address. It assigns a pointer to that address and calls the function.

int (*pt2Function) (float, char, char)=0x08040000; int result2 = (*pt2Function) (12, 'a', 'b'); // Here we can inject code to execute.

Bad · C

CVE ID	标题	CVSS	风险等级	Published
CVE-2021-28216	Tianocore Edk2 安全漏洞 — EDK II	7.7	-	2021-08-05

CWE-587（将一个固定地址复制给指针）是常见的弱点类别，本平台收录该类弱点关联的 1 条 CVE 漏洞。

CWE-587 将一个固定地址复制给指针 类漏洞列表 1