In software development, a NULL pointer is a pointer variable that does not reference any valid memory location. Dereferencing such a pointer—attempting to access the memory it supposedly points to—results in undefined behaviour. In many systems, this leads to crashes, data corruption, or even exploitable vulnerabilities.
CWE-119 pertains to scenarios where software operations exceed the allocated memory buffer’s boundaries, leading to buffer overflows. This flaw can result in various adverse consequences, including data corruption, application crashes, and security vulnerabilities exploitable by attackers. A buffer overflow occurs when data written to a memory buffer exceeds its storage capacity, potentially overwriting adjacent memory locations.
Out-of-bounds write vulnerabilities (CWE-787) are among the most dangerous weaknesses in software development. If left unchecked, these vulnerabilities can have significant repercussions, including data corruption, service outages, and, in the worst cases, remote code execution.
An out-of-bounds write occurs when a program writes data outside the bounds of allocated memory, causing code compromise in the software.