
CAPEC-24: Filter Failure through Buffer Overflow

Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: High

Description

In this attack, the goal is to make an active filter fail by submitting an oversized transaction. An attacker may feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow), hoping that the filter does not fail securely (i.e., that the user input is let into the system unfiltered).

Related weaknesses · 8

CWE-120, CWE-119, CWE-118, CWE-74, CWE-20, CWE-680, CWE-733, CWE-697

Related attack patterns · 1

CAPEC-100 (ChildOf)

Exploits · 8

Type | Target | Confidence | Tier
Weakness | Improper Input Validation (cwe-20) | 100% | live
Weakness | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (cwe-74) | 100% | live
Weakness | Incorrect Access of Indexable Resource ('Range Error') (cwe-118) | 100% | live
Weakness | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (cwe-120) | 100% | live
Weakness | Compiler Optimization Removal or Modification of Security-critical Code (cwe-733) | 100% | live
Weakness | Improper Restriction of Operations within the Bounds of a Memory Buffer (cwe-119) | 100% | live
Weakness | Incorrect Comparison (cwe-697) | 100% | live
Weakness | Integer Overflow to Buffer Overflow (cwe-680) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Overflow Buffers
CAPEC: Removal of filters: Input filters, output filters, data masking
CAPEC: Buffer Manipulation
CAPEC: Buffer Overflow via Parameter Expansion
CAPEC: SOAP Array Overflow
CAPEC: Client-side Injection-induced Buffer Overflow

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.