shared × unstructured — bad data written permanently, and it spreads
Data Corruption
When data without a contract is written across a shared boundary -- memory, a wire, a store -- the badness is durable: it overwrites, exposes, or poisons what others read. The hallmark: permanent damage and information exposure.
Unvalidated data crossing a shared boundary persists and propagates, so the damage is permanent and reaches other actors.
In the wild
Memory Corruption
Memory-level positioning gone wrong — structural destruction and boundary smashes.
An unchecked length writes past the buffer into adjacent, shared memory.
Recursion depth driven by attacker-shaped nested input runs off the stack and corrupts adjacent memory.
A value read as one type but used as another writes through a bad pointer, corrupting whatever shared memory sits at that address.
Two threads write one shared buffer at an unvalidated offset with no lock; their writes overlap and run past the end, leaving permanent corruption no single thread would produce.
A 'not found' sentinel return used unchecked as a write offset writes past the start of a shared file -- the same unchecked-return defect that elsewhere becomes the CWE-690 null dereference.
Semantic Corruption
Logical poisoning, encoding failures, and mismatched representations.
A single divide-by-zero feeds NaN into a shared running total; NaN is absorbing, so every later reader gets garbage forever.
Bytes written in one charset and read back assuming another corrupt the stored text permanently.
Reading a byte stream in fixed chunks with no length contract lets records split and merge — then persist mis-framed.
A value silently narrowed to the wrong type is added to a shared running total; the lock keeps the write safe but cannot restore the meaning the coercion threw away.
A value that can be negative is converted to unsigned before being folded into a shared, contended total -- the conversion turns it into a huge positive number that permanently skews the aggregate.
Representational Corruption
Session bleed and schema drift across boundaries.
Per-request data written into a shared singleton with no validation lets one user's input overwrite the field another user then reads.
Two deployed versions share one store with no schema contract, so one writes what the other can't read.
Unvalidated input is persisted once, then trusted every time it is read back out.
Deserializing bytes that crossed a trust boundary turns a payload into live objects.
An input the cache key ignores gets baked into a stored response and replayed to everyone.