The vulnerabilites described in ISO/IEC 24772-1:2022 clause 6.12.1 also apply to C++. The vulnerabilities caused by out-of-bounds access are covered in clause 6.8.
Pointers to functions, pointers to members, and pointers to void do not allow pointer arithmetic.
The set of valid pointers referring to an array consists of the pointers to each array element plus the pointer just past the end of the array, however dereferencing a pointer one past the end of the array is undefined behaviour. A pointer to a single object is considered to point to an array of size one with respect to pointer arithmetic.
Adding or subtracting an integral value to a pointer value must yield a result that is a valid pointer refering to the same array, otherwise the behavior is undefined. Note: the built-in indexing operator is defined in terms of pointer arithmetic.
Subtraction of two pointers has undefined behaviour unless both pointers refer to the same array or are both null.
Comparison of two pointers with one of the operators < > <= >= <=> has unspecified behaviour unless both pointers refer to the same underlying array or object. The standard library function objects for comparison, like std::less<>, provide a strict total order of pointers of a given type.
Iterators as defined by the standard library suffer from similar vulnerabilities as pointer arithmetic. Comparison and subtraction of two iterators, or computing std::distance cause undefined behavior for iterators that refer to different ranges. Forming an iterator that is outside of its underlying range similarly is undefined behavior.
To avoid the vulnerability or mitigate its ill effects, C++ software developers can:
Avoid explicit pointer arithmetic, especially on a pointer to a single object.
Prefer calling range-based algorithms over pointer arithmetic.
Use the avoidance mechanisms of 6.8.2.
Compare arbitrary pointers to objects with the standard library comparison function objects instead of the operators < > <= >= <=>.