CAPEC-14: Client-side Injection-induced Buffer Overflow
ID
CAPEC-14
Typical Severity
High
Likelihood Of Attack
Medium
Status
Draft
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service. This hostile service is created to deliver the correct content to the client software. For example, if the client-side application is a browser, the service will host a webpage that the browser loads.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-20 | Improper Input Validation | weakness |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | weakness |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') | weakness |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | weakness |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | weakness |
| CWE-353 | Missing Support for Integrity Check | weakness |
| CWE-680 | Integer Overflow to Buffer Overflow | weakness |
| CWE-697 | Incorrect Comparison | weakness |