Standardlikelihood: Highseverity: Very HighDraft

CAPEC-100Overflow Buffers

Abstraction
Standard
Status
Draft
Likelihood
High
Severity
Very High

Description

Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.

Related weaknesses· 6

CWE-120CWE-119CWE-131CWE-129CWE-805CWE-680

Related attack patterns· 1

CAPEC-123 (ChildOf)

Exploits6

TypeTargetConfidenceTier
WeaknessIncorrect Calculation of Buffer Sizecwe-131100%live
WeaknessBuffer Copy without Checking Size of Input ('Classic Buffer Overflow')cwe-120100%live
WeaknessBuffer Access with Incorrect Length Valuecwe-805100%live
WeaknessInteger Overflow to Buffer Overflowcwe-680100%live
WeaknessImproper Validation of Array Indexcwe-129100%live
WeaknessImproper Restriction of Operations within the Bounds of a Memory Buffercwe-119100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Overread Buffers
CAPEC
Buffer Manipulation
CAPEC
Buffer Overflow via Parameter Expansion
CAPEC
Buffer Overflow via Environment Variables
CAPEC
Filter Failure through Buffer Overflow
CAPEC
Buffer Overflow in an API Call
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.