CAPEC-45: Buffer Overflow via Symbolic Links
ID
CAPEC-45
Typical Severity
High
Likelihood Of Attack
High
Status
Draft
This type of attack leverages the use of symbolic links to cause buffer overflows. An adversary can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
Weaknesses
# ID | Name | Type |
---|---|---|
CWE-20 | Improper Input Validation | weakness |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | weakness |
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') | weakness |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | weakness |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | weakness |
CWE-285 | Improper Authorization | weakness |
CWE-302 | Authentication Bypass by Assumed-Immutable Data | weakness |
CWE-680 | Integer Overflow to Buffer Overflow | weakness |
CWE-697 | Incorrect Comparison | weakness |