CWE-781
Overview
- CWE ID: 781
- CWE Name: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
- CWE Abstraction: Variant
- CWE structure: Simple
- CWE Status: Draft
Description
The software defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided.
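The address checks this entry is about, as an added example that is not part of the CWE entry: a portable C model showing an incorrect range check beside a correct one, gated on the transfer method encoded in the control code. `MODEL_USER_LIMIT`, `range_ok`, `range_ok_flawed`, `check_ioctl` and the verdict names are hypothetical, and the user-space limit is an assumed illustrative value.

```c
#include <stdbool.h>
#include <stdint.h>

/* CTL_CODE layout (Windows DDK): DeviceType<<16 | Access<<14 | Function<<2 | Method */
#define METHOD_NEITHER 3u
#define IOCTL_METHOD(code) ((uint32_t)(code) & 0x3u)

/* Assumption: illustrative top of user space for this model, not read from a real system. */
#define MODEL_USER_LIMIT 0x00007FFFFFFF0000ULL

enum verdict { V_OK = 0, V_NOT_NEITHER = 1, V_BAD_INPUT = 2, V_BAD_OUTPUT = 3 };

/* Incorrect validation: addr + len can wrap past 2^64 and compare as a small value. */
bool range_ok_flawed(uint64_t addr, uint64_t len)
{
    return addr + len <= MODEL_USER_LIMIT;
}

/* Correct validation: aligned, starts in user space, and ends in user space,
 * computed without an addition that can overflow. align must be a power of two. */
bool range_ok(uint64_t addr, uint64_t len, uint64_t align)
{
    if (len == 0)
        return true;                 /* nothing will be dereferenced */
    if (align == 0 || (align & (align - 1)) != 0)
        return false;
    if (addr & (align - 1))
        return false;
    if (addr >= MODEL_USER_LIMIT)
        return false;
    return len <= MODEL_USER_LIMIT - addr;
}

/* Hypothetical dispatch gate: with METHOD_NEITHER the I/O manager passes both
 * caller pointers through untouched, so the handler must check each one itself.
 * A real driver does this with ProbeForRead/ProbeForWrite inside __try/__except. */
enum verdict check_ioctl(uint32_t code, uint64_t in, uint64_t in_len,
                         uint64_t out, uint64_t out_len)
{
    if (IOCTL_METHOD(code) != METHOD_NEITHER)
        return V_NOT_NEITHER;        /* buffered/direct: the I/O manager prepares the buffers */
    if (!range_ok(in, in_len, 1))
        return V_BAD_INPUT;
    if (!range_ok(out, out_len, 4))
        return V_BAD_OUTPUT;
    return V_OK;
}
```

When auditing a driver, the low two bits of each control code it registers show which handlers fall under this entry and need the checks above.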
Extended Description
When an IOCTL uses the METHOD_NEITHER option for I/O control, it is the responsibility of the IOCTL to validate the addresses that have been supplied to it. If validation is missing or incorrect, attackers can supply arbitrary memory addresses, leading to