Name Overflow Buffers
Summary Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirecting execution to a location of the attacker's choice.
Prerequisites
- Targeted software performs buffer operations.
- Targeted software inadequately performs bounds-checking on buffer operations.
- Attacker has the capability to influence the input to buffer operations.
Solutions
- Use a language or compiler that performs automatic bounds checking.
- Use secure functions not vulnerable to buffer overflow.
- If you have to use dangerous functions, make sure that you do boundary checking.
- Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
- Use OS-level preventative functionality. Not a complete solution.
- Utilize static source code analysis tools to identify potential buffer overflow weaknesses in the software.
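The boundary checking called for above, as an added example that is not part of the original entry: an unchecked `strcpy` beside a copy that measures first, and a length-prefixed record whose declared length is validated against both the bytes received and the destination size. The function names, `NAME_CAP` and the record layout are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_CAP 16  /* constructed destination size, terminator included */

/* Unchecked form (CWE-120): strcpy trusts the input to fit in dst.
   Shown for contrast; main() only calls it with input known to fit. */
static void copy_name_unchecked(char dst[NAME_CAP], const char *src) {
    strcpy(dst, src);
}

/* Checked form: look for the terminator within cap bytes and reject
   anything that does not fit. Returns 0 on success, -1 on rejection. */
static int copy_name_checked(char *dst, size_t cap, const char *src) {
    if (dst == NULL || src == NULL || cap == 0) return -1;
    const char *end = memchr(src, '\0', cap);   /* scans at most cap bytes */
    if (end == NULL) { dst[0] = '\0'; return -1; }  /* would overflow */
    size_t n = (size_t)(end - src);
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Length-prefixed record: [1-byte declared length][payload].
   The declared length is attacker-influenced, so check it against the
   bytes actually received and the destination capacity (CWE-805). */
static int read_record(const unsigned char *in, size_t in_len,
                       char *dst, size_t cap) {
    if (in == NULL || dst == NULL || in_len < 1 || cap == 0) return -1;
    size_t declared = in[0];
    if (declared > in_len - 1) return -1;  /* claims more than was sent */
    if (declared >= cap) return -1;        /* no room for the terminator */
    memcpy(dst, in + 1, declared);
    dst[declared] = '\0';
    return 0;
}

int main(void) {
    char name[NAME_CAP];
    const unsigned char lying[] = { 200, 'h', 'i' };  /* constructed input */
    copy_name_unchecked(name, "alice");               /* fits: 6 bytes */
    printf("fits:      %d\n", copy_name_checked(name, sizeof name, "alice"));
    printf("too long:  %d\n", copy_name_checked(name, sizeof name,
                                  "a-name-longer-than-sixteen-bytes"));
    printf("bad length: %d\n", read_record(lying, sizeof lying,
                                           name, sizeof name));
    return 0;
}
```

Rejecting oversize input, rather than silently truncating it, keeps the failure visible to the caller.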
Related Weaknesses
CWE ID Description
CWE-19
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-129 Improper Validation of Array Index
CWE-131 Incorrect Calculation of Buffer Size
CWE-680
CWE-805 Buffer Access with Incorrect Length Value