CWE-467 3 CVEs MITRE definition ↗

CWE-467: Use of sizeof() on a Pointer Type

Overview

CWE-467 (Use of sizeof() on a Pointer Type) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The code calls sizeof() on a pointer type, which can be an incorrect calculation if the programmer intended to determine the size of the data that is being pointed to.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language C Undetermined
language C++ Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2025-33132 2025-10-28 IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of t…
CVE-2021-47456 2024-05-22 In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will cau…
CVE-2020-1638 2020-04-08 The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Only packets destined to the device itself, successfully reac…

Content submission

Name
CLASP
Date
2006-07-19
Version
Draft 3

Content modifications

Date Name Version Importance Comment
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-08-01 1.0 added/updated white box definitions
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-03-10 CWE Content Team 1.3 updated Demonstrative_Examples
2009-12-28 CWE Content Team 1.7 updated Demonstrative_Examples
2010-02-16 CWE Content Team 1.8 updated Relationships
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-06-27 CWE Content Team 2.0 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Relationships
2014-06-23 CWE Content Team 2.7 updated Description, Other_Notes
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Demonstrative_Examples, Taxonomy_Mappings, White_Box_Definitions
2019-01-03 CWE Content Team 3.2 updated Relationships
2020-02-24 CWE Content Team 4.0 updated References
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2024-11-19 CWE Content Team 4.16 updated Description
2025-04-03 CWE Content Team 4.17 updated Demonstrative_Examples

Contributions

Type Name Date Comment
Feedback Marco Trosi 2024-10-21 Identified inappropriate emphasis on pointers to data allocated with malloc(), leading to a description change.
cvelogic Threat Intelligence