Class · Incomplete

CWE-118: Incorrect Access of Indexable Resource ('Range Error')

Category: logic

Description

The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

Common consequences · 1

  • Other — Varies by Context

Related CAPEC attack patterns · 8

CAPEC-10, CAPEC-14, CAPEC-24, CAPEC-45, CAPEC-46, CAPEC-47, CAPEC-8, CAPEC-9

References

  1. https://cwe.mitre.org/data/definitions/118.html

Exploits (incoming) · 8

| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Buffer Overflow in an API Call (capec-8) | 100% | live |
| AttackPattern | Client-side Injection-induced Buffer Overflow (capec-14) | 100% | live |
| AttackPattern | Buffer Overflow via Symbolic Links (capec-45) | 100% | live |
| AttackPattern | Filter Failure through Buffer Overflow (capec-24) | 100% | live |
| AttackPattern | Buffer Overflow in Local Command-Line Utilities (capec-9) | 100% | live |
| AttackPattern | Buffer Overflow via Parameter Expansion (capec-47) | 100% | live |
| AttackPattern | Overflow Variables and Tags (capec-46) | 100% | live |
| AttackPattern | Buffer Overflow via Environment Variables (capec-10) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE: Use of Out-of-range Pointer Offset
  • CWE: Improper Validation of Array Index
  • CWE: Access of Memory Location After End of Buffer
  • CWE: Buffer Over-read
  • CWE: Access of Memory Location Before Start of Buffer

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.