|Name ||Overflow Variables and Tags |
|Summary ||This type of attack leverages tags or variables from formatted configuration data to cause a buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow. |
|Prerequisites ||The target program consumes user-controllable data in the form of tags or variables.
The target program does not perform sufficient boundary checking. |
|Solutions ||Use a language or compiler that performs automatic bounds checking.
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Use compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
Use OS-level preventative functionality. Not a complete solution.
Do not trust input data from the user. Validate all user input. |
|CWE ID ||Description |
|CWE-20 ||Improper Input Validation |
|CWE-74 ||Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
|CWE-118 ||Improper Access of Indexable Resource ('Range Error') |
|CWE-119 ||Improper Restriction of Operations within the Bounds of a Memory Buffer |
|CWE-120 ||Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
|CWE-680 || |
|CWE-697 ||Insufficient Comparison |
|CWE-733 ||Compiler Optimization Removal or Modification of Security-critical Code |
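
The boundary check named in the prerequisites and solutions, shown for a single `name=value` configuration line. This is an added example, not part of the original entry; the `struct setting` type, the `parse_setting` function, the buffer sizes and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN  32   /* assumed limits for this example */
#define VALUE_MAX_LEN 64

struct setting {
    char name[NAME_MAX_LEN];
    char value[VALUE_MAX_LEN];
};

/* The unsafe pattern the entry describes is an unchecked copy such as
 *     strcpy(out->value, eq + 1);
 * where the length of the value is chosen by whoever wrote the file. */
/* Parse one "name=value" line. Returns 0 on success, -1 on malformed
 * input, -2 when the name or value would not fit (rejected, not truncated). */
int parse_setting(const char *line, struct setting *out)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL || eq == line)
        return -1;

    size_t name_len = (size_t)(eq - line);
    size_t value_len = strcspn(eq + 1, "\r\n");   /* stop at end of line */

    /* Check lengths against the destination sizes before copying;
     * ">=" leaves room for the terminating NUL. */
    if (name_len >= sizeof out->name || value_len >= sizeof out->value)
        return -2;

    memcpy(out->name, line, name_len);
    out->name[name_len] = '\0';
    memcpy(out->value, eq + 1, value_len);
    out->value[value_len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample input: one normal line, one oversized value. */
    char big[256];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, "title=", 6);
    struct setting s;
    printf("normal:    %d\n", parse_setting("title=Home page\n", &s));
    printf("oversized: %d\n", parse_setting(big, &s));
    return 0;
}
```

Rejecting an oversized value, rather than silently truncating it, keeps a shortened string from being accepted as a valid setting.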