Analysis and Exploration of Vulnerabilities

Buffer Overflow

According to CAPEC-100

Targets improper or missing bounds checking on buffer operations.

  • Typically triggered by input injected by an adversary.

An adversary is able to write past the boundaries of allocated buffer regions in memory.

Causes a program crash or potentially redirection of execution as per the adversaries' choice.

  • Denial of Service;

  • (Remote) Code Execution.

Scope

CWE-119 is extremely broad as there are many types of BO.

Characteristics of a BO:

  • Type of access: Read or Write.

  • Type of memory: stack, heap.

  • Location: before or after the buffer.

  • Reason: iteration, copy, pointer arithmetic, memory clear, mapping.

PreviousMeltdown TypeNextPopularity decline

Last updated