Name | Overflow Variables and Tags |
Summary | This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow. |
Prerequisites | The target program consumes user-controllable data in the form of tags or variables.
The target program does not perform sufficient boundary checking. |
Solutions | Use a language or compiler that performs automatic bounds checking.
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
Use OS-level preventative functionality. Not a complete solution.
Do not trust input data from user. Validate all user input. |
Related Weaknesses |
CWE ID | Description |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-118 | Improper Access of Indexable Resource ('Range Error') |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-680 | |
CWE-697 | Insufficient Comparison |
CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|