
CAPEC-14: Client-side Injection-induced Buffer Overflow

Abstraction: Detailed
Status: Draft
Likelihood: Medium
Severity: High

Description

This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service. This hostile service is created to deliver the correct content to the client software. For example, if the client-side application is a browser, the service will host a webpage that the browser loads.

Related weaknesses · 8

CWE-120, CWE-353, CWE-118, CWE-119, CWE-74, CWE-20, CWE-680, CWE-697

Related attack patterns · 1

CAPEC-100 (ChildOf)

Exploits · 8

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Restriction of Operations within the Bounds of a Memory Buffer (cwe-119) | 100% | live |
| Weakness | Missing Support for Integrity Check (cwe-353) | 100% | live |
| Weakness | Incorrect Access of Indexable Resource ('Range Error') (cwe-118) | 100% | live |
| Weakness | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (cwe-74) | 100% | live |
| Weakness | Integer Overflow to Buffer Overflow (cwe-680) | 100% | live |
| Weakness | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (cwe-120) | 100% | live |
| Weakness | Incorrect Comparison (cwe-697) | 100% | live |
| Weakness | Improper Input Validation (cwe-20) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Overflow Buffers
CAPEC: Buffer Manipulation
CAPEC: Buffer Overflow in an API Call
CAPEC: Buffer Overflow via Parameter Expansion
CAPEC: Cross-Site Scripting (XSS)
CAPEC: Overread Buffers

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.