CAPEC-100: Overflow Buffers
ID
CAPEC-100
Typical Severity
Very High
Likelihood Of Attack
High
Status
Draft
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | weakness |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | weakness |
| CWE-129 | Improper Validation of Array Index | weakness |
| CWE-131 | Incorrect Calculation of Buffer Size | weakness |
| CWE-680 | Integer Overflow to Buffer Overflow | weakness |
| CWE-805 | Buffer Access with Incorrect Length Value | weakness |
Taxonomiy Mapping
| Type | # ID | Name |
|---|---|---|
| WASC | 07 | Buffer Overflow |
| OWASP Attacks | Buffer overflow attack |