Public static field not marked final
A static field that is public and not final can be read and overwritten from anywhere in the program, not only through the class that owns it.
- Integrity: The object could potentially be tampered with.
- Confidentiality: The object could potentially be read by code that should not see it.
- Design through Implementation: This is a simple logic issue that is easily remedied by restricting access to the field.
- Languages: Java, C++
- Operating platforms: Any
Likelihood of exploit
Avoidance and mitigation
- Design through Implementation: Make static fields private and final, and expose them through an accessor only where a caller genuinely needs the value. Note that final fixes only the reference: a final field that holds a mutable object (an array, a collection) can still have its contents changed, so such objects must also be made unmodifiable or defensively copied.
Static fields that are public and not final can be read and written by arbitrary Java code that can reach the class; neither a getter nor a setter stands between the caller and the value, so no validation, logging, or access check can be enforced.
In Java:
public class Config { public static String r; }
This is an uninitialized public static field which can be read without a get-accessor and changed without a set-accessor by any class that can see Config.
In C++:
struct Config { static int password; };
int Config::password = 45;
Any translation unit that sees the declaration can read and overwrite Config::password; the same applies to a non-const global variable.
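The following is an added example, not code from the original entry, that puts the vulnerable form, the mitigation, and the mutable-object caveat side by side in Java. Class names (AppConfig, SafeConfig, LeakyConfig, TightConfig, Attacker) and field values are hypothetical; the Attacker class stands in for "arbitrary Java code" loaded into the same JVM.

```java
// Added example (not from the original entry): public static non-final fields
// versus private static final fields with an accessor. All names are hypothetical.
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class StaticFieldDemo {

    // Vulnerable: any class that can see AppConfig can overwrite this value,
    // and nothing (no setter, no check, no log) runs when it happens.
    static class AppConfig {
        public static String adminRole = "ADMIN";
    }

    // Mitigated: private, final, initialized once; read-only access via an accessor.
    static class SafeConfig {
        private static final String ADMIN_ROLE = "ADMIN";

        public static String adminRole() {
            return ADMIN_ROLE;
        }
    }

    // Caveat: final only freezes the reference. The List behind this field
    // is still mutable, so outside code can add or remove entries.
    static class LeakyConfig {
        public static final List<String> ALLOWED_HOSTS =
                new ArrayList<>(List.of("localhost"));
    }

    // Mitigated for a mutable object: keep the field private and hand out an
    // unmodifiable view, so callers can read but not change the contents.
    static class TightConfig {
        private static final List<String> ALLOWED_HOSTS =
                Collections.unmodifiableList(new ArrayList<>(List.of("localhost")));

        public static List<String> allowedHosts() {
            return ALLOWED_HOSTS;
        }
    }

    // Simulates untrusted code running elsewhere in the same program.
    static class Attacker {
        static void tamper() {
            // Compiles and succeeds: the field is public and not final.
            AppConfig.adminRole = "GUEST";

            // SafeConfig.ADMIN_ROLE = "GUEST";   // compile error: private and final

            // Compiles and succeeds despite final: the List itself is mutable.
            LeakyConfig.ALLOWED_HOSTS.add("evil.example");

            // Rejected at runtime: the accessor returns an unmodifiable view.
            try {
                TightConfig.allowedHosts().add("evil.example");
            } catch (UnsupportedOperationException e) {
                System.out.println("TightConfig rejected mutation: " + e);
            }
        }
    }

    public static void main(String[] args) {
        System.out.println("AppConfig.adminRole before: " + AppConfig.adminRole);
        Attacker.tamper();
        System.out.println("AppConfig.adminRole after:  " + AppConfig.adminRole);
        System.out.println("SafeConfig.adminRole():     " + SafeConfig.adminRole());
        System.out.println("LeakyConfig.ALLOWED_HOSTS:  " + LeakyConfig.ALLOWED_HOSTS);
        System.out.println("TightConfig.allowedHosts(): " + TightConfig.allowedHosts());
    }
}
```

Compile and run with `javac StaticFieldDemo.java && java StaticFieldDemo` (Java 9 or later for `List.of`). The run shows AppConfig.adminRole changing from ADMIN to GUEST and LeakyConfig.ALLOWED_HOSTS gaining an entry, while SafeConfig cannot be assigned at all and TightConfig rejects the mutation; the point of the caveat is that "private and final" alone is sufficient for immutable values such as String but not for a field that references a mutable object.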