Overflow of static internal buffer
Last revision (mm/dd/yy): 02/19/2009
A non-final static field can be viewed and edited in dangerous ways.
- Integrity: The object could potentially be tampered with.
- Confidentiality: The object could potentially be read.
- Design through Implementation: This is a simple logical issue which can be easily remedied through simple protections.
- Languages: Java, C++
- Operating platforms: Any
Likelihood of exploit
Non-final fields that are not public can be read and written to by arbitrary Java code.
public int password = 45;   // non-final public field: any code can overwrite it
static public String r;     // uninitialized, non-final public static field
This is an uninitialized static field which can be accessed without a get-accessor and changed without a set-accessor.
- Design through Implementation: Make any static fields private and final.
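The declaration above next to its private-and-final form, with a reflection check that flags static fields missing either modifier. This is an added example, not code from the original page; the names StaticFieldAudit, Weak, Hardened and findExposedStatics and the sample value are assumptions made for illustration.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class StaticFieldAudit {

    // "Before": mirrors the page's declaration; any code can read or overwrite r.
    static class Weak {
        static public String r;
    }

    // "After": private and final, exposed only through a read-only accessor.
    static class Hardened {
        private static final String R = "constructed-sample-value";
        static String getR() { return R; }
    }

    // Returns the names of static fields that are not both private and final.
    static List<String> findExposedStatics(Class<?> type) {
        List<String> exposed = new ArrayList<>();
        for (Field f : type.getDeclaredFields()) {
            int m = f.getModifiers();
            if (f.isSynthetic() || !Modifier.isStatic(m)) {
                continue; // instance and compiler-generated fields are out of scope
            }
            if (!Modifier.isPrivate(m) || !Modifier.isFinal(m)) {
                exposed.add(f.getName());
            }
        }
        return exposed;
    }

    public static void main(String[] args) {
        // Tampering needs no accessor: a plain assignment from other code succeeds.
        Weak.r = "overwritten by unrelated code";
        System.out.println("Weak.r is now: " + Weak.r);

        // An assignment to Hardened.R is rejected by the compiler because R is
        // final; private additionally hides it from classes outside this file.
        System.out.println("Hardened.getR(): " + Hardened.getR());

        System.out.println("Weak exposed statics:     " + findExposedStatics(Weak.class));
        System.out.println("Hardened exposed statics: " + findExposedStatics(Hardened.class));
    }
}
```

A check like findExposedStatics can run in a unit test over the classes that hold sensitive static state, so a field that loses its private or final modifier fails the build.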
Related Technical Impacts