CWE-114Process Control

Description

Common consequences· 1

• Confidentiality / Integrity / Availability — Execute Unauthorized Code or Commands

Potential mitigations· 1

• [Architecture and Design]Libraries that are loaded should be well understood and come from a trusted source. The application can execute code contained in the native libraries, which often contain calls that are susceptible to other security problems, such as buffer overflows or command injection. All native libraries should be validated to determine if the application requires the use of the library. It is very difficult to determine what these native libraries actually do, and the potential for malicious code is high. In addition, the potential for an inadvertent mistake in these native libraries is also high, as many are written in C or C++ and may be susceptible to buffer overflow or race condition problems. To help prevent buffer overflow attacks, validate all input to native calls for content and length. If the native library does not come from a trusted source, review the source code of the library. The library should be built from the reviewed source before using it.

Related CAPEC attack patterns· 2

Exploits (incoming)2

(incoming)5

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.