Reliance on data layout

Revision as of 02:59, 27 May 2009 by Deleted user (Talk | contribs)


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/27/2009



Assumptions about protocol data or data stored in memory can be invalid, resulting in using data in ways that were unintended.


Access control (including confidentiality and integrity): Can result in unintended modifications or information leaks of data.

Exposure period

Design: This problem can arise when a protocol leaves room for interpretation and is implemented by multiple parties that need to interoperate.

Implementation: This problem can arise by not understanding the subtleties either of writing portable code or of changes between protocol versions.


Protocol errors of this nature can happen on any platform. Invalid memory layout assumptions are possible in languages and environments with a single, flat memory space, such as C/C++ and Assembly.

Required resources



Medium to High

Likelihood of exploit


When changing platforms or protocol versions, data may move in unintended ways. For example, some architectures may place local variables a and b right next to each other with a on top; some may place them next to each other with b on top; and others may add some padding to each, so that each variable is aligned to a proper word size.

In protocol implementations, it is common to offset relative to another field to pick out a specific piece of data. Exceptional conditions - often involving new protocol versions - may add corner cases that lead to the data layout changing in an unusual way. The result can be that an implementation accesses a particular part of a packet, treating data of one type as data of another type.

Risk Factors



In C:

void example() {
  char a;
  char b;
  /* Assumes b is stored immediately after a; the language does not guarantee this. */
  *(&a + 1) = 0;
}

Here, b may not be one byte past a. It may be one byte in front of a. Or, they may have three bytes between them because they get aligned to 32-bit boundaries.
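The protocol case described above, as an added example that is not part of the original page: a parser that reads the length at a fixed offset misreads a newer packet version, while a parser that walks the fields in grammar order with bounds checks does not. The wire format, function names and sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed wire format (hypothetical, for illustration only):
 *   v1: version(1) flags(1) length(2, big-endian) payload
 *   v2: version(1) flags(1) sequence(4) length(2, big-endian) payload */

/* Layout-reliant: assumes length always sits at offset 2 (true for v1 only). */
static uint16_t naive_payload_len(const uint8_t *pkt) {
    return (uint16_t)((pkt[2] << 8) | pkt[3]);
}

struct cursor { const uint8_t *p; size_t left; };
/* Read n big-endian bytes, refusing to run past the end of the buffer. */
static int take(struct cursor *c, size_t n, uint32_t *out) {
    if (c->left < n) return -1;
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | c->p[i];
    c->p += n; c->left -= n; *out = v;
    return 0;
}

/* Walks the fields in grammar order per version; returns 0 on success and
 * sets *payload / *len, or -1 for unknown versions or inconsistent lengths. */
static int parse_packet(const uint8_t *pkt, size_t n,
                        const uint8_t **payload, uint16_t *len) {
    struct cursor c = { pkt, n };
    uint32_t version, flags, seq, l;
    if (take(&c, 1, &version) || take(&c, 1, &flags)) return -1;
    if (version == 2) {
        if (take(&c, 4, &seq)) return -1;
    } else if (version != 1) {
        return -1;                    /* unknown layout: reject, do not guess */
    }
    if (take(&c, 2, &l)) return -1;
    if (l > c.left) return -1;        /* declared length exceeds actual data */
    *payload = c.p; *len = (uint16_t)l;
    return 0;
}

/* Constructed sample packets. */
static const uint8_t PKT_V1[] = { 1, 0, 0x00, 0x03, 'a', 'b', 'c' };
static const uint8_t PKT_V2[] = { 2, 0, 0x12, 0x34, 0x56, 0x78, 0x00, 0x03, 'a', 'b', 'c' };
int main(void) {
    const uint8_t *p; uint16_t len;
    printf("naive v2 length: %u\n", (unsigned)naive_payload_len(PKT_V2));
    return parse_packet(PKT_V2, sizeof PKT_V2, &p, &len);
}
```

On the v2 packet the fixed-offset reader returns the first two bytes of the sequence number as the payload length, which is the "data of one type treated as another type" outcome described above.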

Related Attacks

Related Vulnerabilities

Related Controls

  • Design and Implementation: In flat address space situations, never allow computing memory addresses as offsets from another memory address.
  • Design: Fully specify protocol layout unambiguously, providing a structured grammar (e.g., a compilable yacc grammar).
  • Testing: Test that the implementation properly handles each case in the protocol grammar.

Related Technical Impacts