Difference between revisions of "Mutable object returned"

Jump to: navigation, search
Line 1: Line 1:
[[ASDR Table of Contents]]
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]

Latest revision as of 19:41, 20 February 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 02/20/2009

Vulnerabilities Table of Contents


Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the called function, thereby putting the class in an undefined state.


  • Access Control / Integrity: Potentially data could be tampered with by another function which should not have been tampered with.

Exposure period

  • Implementation: This flaw is a simple logic issue, introduced entirely at implementation time.


  • Languages: C,C++ or Java
  • Operating platforms: Any

Required resources




Likelihood of exploit


In situations where functions return references to mutable data, it is possible that this external code, which called the function, may make changes to the data sent. If this data was not previously cloned, you will be left with modified data which may, or may not, be valid in the context of the class in question.

Risk Factors

  • Talk about the factors that make this vulnerability likely or unlikely to actually happen
  • Discuss the technical impact of a successful exploit of this vulnerability
  • Consider the likely [business impacts] of a successful attack


In C\C++:

  externalClass foo;

  void doStuff() {
//..//Modify foo
    return foo;

In Java:

public class foo {
 private externalClass bar = new externalClass();
 public doStuff(...){
   //..//Modify bar
   return bar;

Related Attacks

Related Vulnerabilities

Related Controls

  • Implementation: Pass in data which should not be alerted as constant or immutable.
  • Implementation: Clone all mutable data before returning references to it. This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.

Related Technical Impacts


Note: A reference to related CWE or CAPEC article should be added when exists. Eg: