Detailedlikelihood: Highseverity: HighDraft

CAPEC-8Buffer Overflow in an API Call

Abstraction
Detailed
Status
Draft
Likelihood
High
Severity
High

Description

This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An adversary who has knowledge of known vulnerable libraries or shared code can easily target software that makes use of these libraries. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.

Related weaknesses· 8

CWE-120CWE-119CWE-118CWE-74CWE-20CWE-680CWE-733CWE-697

Related attack patterns· 1

CAPEC-100 (ChildOf)

Exploits8

TypeTargetConfidenceTier
WeaknessIncorrect Access of Indexable Resource ('Range Error')cwe-118100%live
WeaknessImproper Input Validationcwe-20100%live
WeaknessBuffer Copy without Checking Size of Input ('Classic Buffer Overflow')cwe-120100%live
WeaknessImproper Restriction of Operations within the Bounds of a Memory Buffercwe-119100%live
WeaknessIncorrect Comparisoncwe-697100%live
WeaknessImproper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')cwe-74100%live
WeaknessCompiler Optimization Removal or Modification of Security-critical Codecwe-733100%live
WeaknessInteger Overflow to Buffer Overflowcwe-680100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Overflow Buffers
CAPEC
Buffer Manipulation
CAPEC
Client-side Injection-induced Buffer Overflow
CAPEC
Buffer Overflow via Environment Variables
CAPEC
Buffer Overflow via Parameter Expansion
CAPEC
Overread Buffers
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.