...
The solution is to not allow more than one definition of a non-inline function or object to be admitted into a system.
...
Risk Assessment
Failing to obey the ODR allows the VPTR exploit, which could lead to an attacker being able to execute arbitrary code. However, note that the attacker must have access to the system running the code to introduce the malicious class.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level | |
|---|---|---|---|---|---|---|
MSC31-C | ||||||
Component | Value | |||||
Severity | 3 (high) | Likelihood | 1 (unlikely) Remediation cost | 1 (high) | P3 | L3 |
References
- ISO/IEC 14882-2003 Section 3.2, "One definition rule"
...