CWE-680: Integer Overflow to Buffer Overflow

ID: CWE-680
Abstraction: Compound
Structure: Chain
Status: Draft
Number of CVEs: 84

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

Applicable Platforms

| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | Not Language-Specific | | |

Relationships

| View ID | View | View Status | Weakness ID | Weakness Name | Abstraction | Structure | Status |
|---|---|---|---|---|---|---|---|
| CWE-709 | Named Chains | Incomplete | CWE-190 | Integer Overflow or Wraparound | Base | Simple | Stable |
| CWE-1000 | Research Concepts | Draft | CWE-190 | Integer Overflow or Wraparound | Base | Simple | Stable |

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
| ID | Name | Weaknesses |
|---|---|---|
| CAPEC-8 | Buffer Overflow in an API Call | CWE-680 |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities | CWE-680 |
| CAPEC-10 | Buffer Overflow via Environment Variables | CWE-680 |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow | CWE-680 |
| CAPEC-24 | Filter Failure through Buffer Overflow | CWE-680 |
| CAPEC-45 | Buffer Overflow via Symbolic Links | CWE-680 |
| CAPEC-46 | Overflow Variables and Tags | CWE-680 |
| CAPEC-47 | Buffer Overflow via Parameter Expansion | CWE-680 |
| CAPEC-67 | String Format Overflow in syslog() | CWE-680 |
| CAPEC-92 | Forced Integer Overflow | CWE-680 |
| CAPEC-100 | Overflow Buffers | CWE-680 |
