CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

ID CWE-119
Abstraction Class
Structure Simple
Status Stable
Number of CVEs 12005
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Certain languages allow direct addressing of memory locations and do not automatically ensure that these locations are valid for the memory buffer that is being referenced. This can cause read or write operations to be performed on memory locations that may be associated with other variables, data structures, or internal program data.

Modes of Introduction

Phase Note
Implementation

Applicable Platforms

Type Class Name Prevalence
Language C
Language C++
Language Assembly

Relationships

View ID | View | View Status | Weakness ID | Name | Abstraction | Structure | Status
CWE-1000 | Research Concepts | Draft | CWE-118 | Incorrect Access of Indexable Resource ('Range Error') | Class | Simple | Incomplete
CWE-700 | Seven Pernicious Kingdoms | Incomplete | CWE-20 | Improper Input Validation | Class | Simple | Stable

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-8 Buffer Overflow in an API Call CWE-119
CAPEC-9 Buffer Overflow in Local Command-Line Utilities CWE-119
CAPEC-10 Buffer Overflow via Environment Variables CWE-119
CAPEC-14 Client-side Injection-induced Buffer Overflow CWE-119
CAPEC-24 Filter Failure through Buffer Overflow CWE-119
CAPEC-42 MIME Conversion CWE-119
CAPEC-44 Overflow Binary Resource File CWE-119
CAPEC-45 Buffer Overflow via Symbolic Links CWE-119
CAPEC-46 Overflow Variables and Tags CWE-119
CAPEC-47 Buffer Overflow via Parameter Expansion CWE-119
CAPEC-100 Overflow Buffers CWE-119
CAPEC-123 Buffer Manipulation CWE-119
