CAPEC-45: Buffer Overflow via Symbolic Links

Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: High

Description

This type of attack leverages the use of symbolic links to cause buffer overflows. An adversary can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
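
A defensive illustration of the bounds check this pattern depends on being absent (an added example, not part of the CAPEC entry): `readlink()` does not NUL-terminate and silently truncates, so code that reads a link target into a fixed buffer and then treats it as a C string can run past the buffer. The names `read_link_checked` and `demo_read`, the 64-byte buffer and the temporary path are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Read the target of `path` into out[cap]. Returns the target length, or -1
 * with errno set. A target that does not fit together with its terminator is
 * rejected (ENAMETOOLONG) instead of being truncated. */
ssize_t read_link_checked(const char *path, char *out, size_t cap)
{
    if (out == NULL || cap == 0) { errno = EINVAL; return -1; }
    ssize_t n = readlink(path, out, cap);   /* writes at most cap bytes, no NUL */
    if (n < 0) { out[0] = '\0'; return -1; }
    if ((size_t)n >= cap) {                 /* buffer filled: may be truncated */
        out[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    out[n] = '\0';                          /* terminate explicitly */
    return n;
}

/* Constructed demo: create a link whose target is target_len bytes of 'A' in
 * a private temp directory and read it back through a 64-byte buffer. */
ssize_t demo_read(size_t target_len)
{
    char dir[] = "/tmp/capec45-XXXXXX";
    char link_path[64], target[256], buf[64];
    if (target_len >= sizeof target || mkdtemp(dir) == NULL) return -2;
    memset(target, 'A', target_len);
    target[target_len] = '\0';
    snprintf(link_path, sizeof link_path, "%s/link", dir);
    if (symlink(target, link_path) != 0) { rmdir(dir); return -2; }
    ssize_t n = read_link_checked(link_path, buf, sizeof buf);
    int saved = errno;                      /* cleanup must not clobber errno */
    unlink(link_path);
    rmdir(dir);
    errno = saved;
    return n;
}

int main(void)
{
    printf("10-byte target  -> %zd\n", demo_read(10));
    printf("200-byte target -> %zd\n", demo_read(200));
    return 0;
}
```

A target of exactly 64 bytes is also rejected, because a return value equal to the buffer size cannot be distinguished from truncation.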

Related weaknesses · 9

CWE-120, CWE-285, CWE-302, CWE-118, CWE-119, CWE-74, CWE-20, CWE-680, CWE-697

Related attack patterns · 1

CAPEC-100 (ChildOf)

Exploits · 9

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Incorrect Comparison (cwe-697) | 100% | live |
| Weakness | Authentication Bypass by Assumed-Immutable Data (cwe-302) | 100% | live |
| Weakness | Incorrect Access of Indexable Resource ('Range Error') (cwe-118) | 100% | live |
| Weakness | Integer Overflow to Buffer Overflow (cwe-680) | 100% | live |
| Weakness | Improper Restriction of Operations within the Bounds of a Memory Buffer (cwe-119) | 100% | live |
| Weakness | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (cwe-74) | 100% | live |
| Weakness | Improper Authorization (cwe-285) | 100% | live |
| Weakness | Improper Input Validation (cwe-20) | 100% | live |
| Weakness | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (cwe-120) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Leveraging Race Conditions via Symbolic Links
CAPEC: Overflow Buffers
CAPEC: Symlink Attack
CAPEC: Buffer Manipulation
CAPEC: Buffer Overflow via Environment Variables
CAPEC: Overread Buffers

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.