ClassStableTop 25 #20
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
Category: memory
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Common consequences· 3
- Integrity / Confidentiality / Availability — Execute Unauthorized Code or Commands, Modify MemoryIf the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. If the attacker can overwrite a pointer's worth of memory (usually 32 or 64 bits), they can alter the intended control flow by redirecting a function pointer to their own malicious code. Even when the attacker can only modify a single byte arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator.
- Availability / Confidentiality — Read Memory, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
- Confidentiality — Read MemoryIn the case of an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffer's position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences.
Potential mitigations· 5
- [Requirements]
- [Architecture and Design]
- [Operation, Build and Compilation]
- [Implementation]
- [Operation, Build and Compilation]
Related CAPEC attack patterns· 12
References
Exploits (incoming)10
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Client-side Injection-induced Buffer Overflowcapec-14 | 100% | live |
| AttackPattern | Buffer Overflow via Environment Variablescapec-10 | 100% | live |
| AttackPattern | Overflow Binary Resource Filecapec-44 | 100% | live |
| AttackPattern | MIME Conversioncapec-42 | 100% | live |
| AttackPattern | Buffer Overflow in an API Callcapec-8 | 100% | live |
| AttackPattern | Buffer Overflow via Symbolic Linkscapec-45 | 100% | live |
| AttackPattern | Overflow Variables and Tagscapec-46 | 100% | live |
| AttackPattern | Buffer Manipulationcapec-123 | 100% | live |
| AttackPattern | Filter Failure through Buffer Overflowcapec-24 | 100% | live |
| AttackPattern | Buffer Overflow in Local Command-Line Utilitiescapec-9 | 100% | live |
Compliance frameworks addressing this (incoming)6
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | dora-art7 | 100% | live |
| ComplianceControl | cis_v8-7 | 100% | live |
| ComplianceControl | nis2-art21e | 100% | live |
| ComplianceControl | nis2-art21d | 100% | live |
| ComplianceControl | owasp_top10-a06 | 100% | live |
| ComplianceControl | iso27001-a.8.8 | 100% | live |
(incoming)134
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-0349cve-2025-0349 | 0% | live |
| Vulnerability | CVE-2025-0566cve-2025-0566 | 0% | live |
| Vulnerability | CVE-2025-0848cve-2025-0848 | 0% | live |
| Vulnerability | CVE-2025-10034cve-2025-10034 | 0% | live |
| Vulnerability | CVE-2025-10120cve-2025-10120 | 0% | live |
| Vulnerability | CVE-2025-10169cve-2025-10169 | 0% | live |
| Vulnerability | CVE-2025-10170cve-2025-10170 | 0% | live |
| Vulnerability | CVE-2025-10171cve-2025-10171 | 0% | live |
| Vulnerability | CVE-2025-10172cve-2025-10172 | 0% | live |
| Vulnerability | CVE-2025-10385cve-2025-10385 | 0% | live |
| Vulnerability | CVE-2025-10392cve-2025-10392 | 0% | live |
| Vulnerability | CVE-2025-10432cve-2025-10432 | 0% | live |
| Vulnerability | CVE-2025-10443cve-2025-10443 | 0% | live |
| Vulnerability | CVE-2025-10537cve-2025-10537 | 0% | live |
| Vulnerability | CVE-2025-10666cve-2025-10666 | 0% | live |
| Vulnerability | CVE-2025-10756cve-2025-10756 | 0% | live |
| Vulnerability | CVE-2025-10757cve-2025-10757 | 0% | live |
| Vulnerability | CVE-2025-10773cve-2025-10773 | 0% | live |
| Vulnerability | CVE-2025-10779cve-2025-10779 | 0% | live |
| Vulnerability | CVE-2025-10792cve-2025-10792 | 0% | live |
| Vulnerability | CVE-2025-10803cve-2025-10803 | 0% | live |
| Vulnerability | CVE-2025-10815cve-2025-10815 | 0% | live |
| Vulnerability | CVE-2025-10838cve-2025-10838 | 0% | live |
| Vulnerability | CVE-2025-10942cve-2025-10942 | 0% | live |
| Vulnerability | CVE-2025-10948cve-2025-10948 | 0% | live |
| Vulnerability | CVE-2025-10953cve-2025-10953 | 0% | live |
| Vulnerability | CVE-2025-11091cve-2025-11091 | 0% | live |
| Vulnerability | CVE-2025-11117cve-2025-11117 | 0% | live |
| Vulnerability | CVE-2025-11120cve-2025-11120 | 0% | live |
| Vulnerability | CVE-2025-11122cve-2025-11122 | 0% | live |
Showing top 30 of 134 by confidence. Click any target to see the full neighbourhood.
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.