Base · Incomplete
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Category: memory
Description
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Common consequences· 2
- Integrity / Confidentiality / Availability — Modify Memory, Execute Unauthorized Code or Commands: Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of the product's implicit security policy. This can often be used to subvert any other security service.
- Availability — Modify Memory, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU): Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the product into an infinite loop.
Potential mitigations· 5
- [Requirements]
- [Architecture and Design]
- [Operation, Build and Compilation]
- [Implementation]
- [Implementation]
Related CAPEC attack patterns· 13
References
Exploits (incoming) · 12
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Buffer Overflow in an API Call (capec-8) | 100% | live |
| AttackPattern | Buffer Overflow via Parameter Expansion (capec-47) | 100% | live |
| AttackPattern | Overflow Buffers (capec-100) | 100% | live |
| AttackPattern | String Format Overflow in syslog() (capec-67) | 100% | live |
| AttackPattern | Overflow Binary Resource File (capec-44) | 100% | live |
| AttackPattern | Client-side Injection-induced Buffer Overflow (capec-14) | 100% | live |
| AttackPattern | Filter Failure through Buffer Overflow (capec-24) | 100% | live |
| AttackPattern | Buffer Overflow in Local Command-Line Utilities (capec-9) | 100% | live |
| AttackPattern | Buffer Overflow via Environment Variables (capec-10) | 100% | live |
| AttackPattern | MIME Conversion (capec-42) | 100% | live |
| AttackPattern | Overflow Variables and Tags (capec-46) | 100% | live |
| AttackPattern | Forced Integer Overflow (capec-92) | 100% | live |
Compliance frameworks addressing this (incoming) · 1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | iso27001-a.8.23 | 100% | live |
(incoming) · 137
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-0960 | 0% | live |
| Vulnerability | CVE-2025-10034 | 0% | live |
| Vulnerability | CVE-2025-10120 | 0% | live |
| Vulnerability | CVE-2025-10169 | 0% | live |
| Vulnerability | CVE-2025-10170 | 0% | live |
| Vulnerability | CVE-2025-10171 | 0% | live |
| Vulnerability | CVE-2025-10172 | 0% | live |
| Vulnerability | CVE-2025-10385 | 0% | live |
| Vulnerability | CVE-2025-10443 | 0% | live |
| Vulnerability | CVE-2025-10666 | 0% | live |
| Vulnerability | CVE-2025-10756 | 0% | live |
| Vulnerability | CVE-2025-10757 | 0% | live |
| Vulnerability | CVE-2025-10792 | 0% | live |
| Vulnerability | CVE-2025-10803 | 0% | live |
| Vulnerability | CVE-2025-10815 | 0% | live |
| Vulnerability | CVE-2025-10838 | 0% | live |
| Vulnerability | CVE-2025-10942 | 0% | live |
| Vulnerability | CVE-2025-10948 | 0% | live |
| Vulnerability | CVE-2025-10953 | 0% | live |
| Vulnerability | CVE-2025-11091 | 0% | live |
| Vulnerability | CVE-2025-11117 | 0% | live |
| Vulnerability | CVE-2025-11120 | 0% | live |
| Vulnerability | CVE-2025-11293 | 0% | live |
| Vulnerability | CVE-2025-11294 | 0% | live |
| Vulnerability | CVE-2025-11295 | 0% | live |
| Vulnerability | CVE-2025-11296 | 0% | live |
| Vulnerability | CVE-2025-11297 | 0% | live |
| Vulnerability | CVE-2025-11299 | 0% | live |
| Vulnerability | CVE-2025-11300 | 0% | live |
| Vulnerability | CVE-2025-11301 | 0% | live |
Showing top 30 of 137 by confidence.
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.