
CAPEC-231: Oversized Serialized Data Payloads

Abstraction: Standard
Status: Draft
Likelihood: Medium
Severity: High

Description

An adversary injects oversized serialized data payloads into a parser during data processing to produce adverse effects on the parser, such as exhausting system resources or achieving arbitrary code execution. Metadata: standard CAPEC pattern, status draft, likelihood medium, severity high. Underlying weaknesses: CWE-112, CWE-20, CWE-674, CWE-770. Related CAPEC pattern: CAPEC-130 (parent).

Related weaknesses (4)

CWE-112, CWE-20, CWE-674, CWE-770

Related attack patterns (1)

CAPEC-130 (ChildOf)

Exploits (4)

Type      Target                                                    Confidence  Tier
Weakness  Missing XML Validation (CWE-112)                          100%        live
Weakness  Allocation of Resources Without Limits or Throttling (CWE-770)  100%  live
Weakness  Uncontrolled Recursion (CWE-674)                          100%        live
Weakness  Improper Input Validation (CWE-20)                        100%        live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Serialized Data with Nested Payloads
CAPEC: Serialized Data Parameter Blowup
CAPEC: Object Injection
CAPEC: Buffer Overflow via Parameter Expansion
CAPEC: Exponential Data Expansion
CAPEC: Overflow Variables and Tags

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.