Detailedseverity: HighDraft

CAPEC-256SOAP Array Overflow

Abstraction
Detailed
Status
Draft
Severity
High

Description

An attacker sends a SOAP request with an array whose actual length exceeds the length indicated in the request. If the server processing the transmission naively trusts the specified size, then an attacker can intentionally understate the size of the array, possibly resulting in a buffer overflow if the server attempts to read the entire data set into the memory it allocated for a smaller array.

Related weaknesses· 1

CWE-805

Related attack patterns· 1

CAPEC-100 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessBuffer Access with Incorrect Length Valuecwe-805100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
SOAP Array Blowup
CAPEC
SOAP Manipulation
CAPEC
Overflow Buffers
CAPEC
SQL Injection through SOAP Parameter Tampering
CAPEC
Buffer Overflow via Parameter Expansion
CAPEC
Filter Failure through Buffer Overflow
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.