Exposure of Core Dump File to an Unauthorized Control Sphere

Draft Variant

Structure: Simple

Description

The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.

Common Consequences 1

Scope: Confidentiality

Impact: Read Application DataRead Files or Directories

Detection Methods 1

Automated Static AnalysisHigh

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

Potential Mitigations 1

Phase: System Configuration

Protect the core dump files from unauthorized access.

Modes of Introduction

Operation

Related Weaknesses

ChildOf:

Files or Directories Accessible to External Parties (CWE-552)

Taxonomy Mapping

CERT C Secure Coding