# Buffer Overflow

## According to CAPEC-100

**Targets improper or missing bounds checking on buffer operations.**

* Typically triggered by input injected by an adversary.

An adversary is able to write past the boundaries of allocated buffer regions in memory.

Causes a program crash or potentially redirection of execution as per the adversaries' choice.

* Denial of Service;
* (Remote) Code Execution.

<figure><img src="https://3744219775-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUaTnynVhA2CYjsGJT14j%2Fuploads%2F6A9ALUrKxFtJm3PXRX7x%2F2023-11-25_11-40.png?alt=media&#x26;token=84794625-2021-40d2-91fa-32f370d8f049" alt=""><figcaption></figcaption></figure>

## Scope

CWE-119 is extremely broad as there are many types of BO.

Characteristics of a BO:

* Type of access: Read or Write.
* Type of memory: stack, heap.
* Location: before or after the buffer.
* Reason: iteration, copy, pointer arithmetic, memory clear, mapping.