CAPEC-8: Buffer Overflow in an API Call
ID
CAPEC-8
Typical Severity
High
Likelihood Of Attack
High
Status
Draft
This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An adversary who has knowledge of known vulnerable libraries or shared code can easily target software that makes use of these libraries. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-20 | Improper Input Validation | weakness |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | weakness |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') | weakness |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | weakness |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | weakness |
| CWE-680 | Integer Overflow to Buffer Overflow | weakness |
| CWE-697 | Incorrect Comparison | weakness |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code | weakness |