CompoundDraft

CWE-680Integer Overflow to Buffer Overflow

Category: memory

Description

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

Common consequences· 1

  • Integrity / Availability / Confidentiality — Modify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands

Related CAPEC attack patterns· 11

CAPEC-10CAPEC-100CAPEC-14CAPEC-24CAPEC-45CAPEC-46CAPEC-47CAPEC-67CAPEC-8CAPEC-9CAPEC-92

References

  1. https://cwe.mitre.org/data/definitions/680.html

Exploits (incoming)11

TypeTargetConfidenceTier
AttackPatternBuffer Overflow via Environment Variablescapec-10100%live
AttackPatternClient-side Injection-induced Buffer Overflowcapec-14100%live
AttackPatternBuffer Overflow via Symbolic Linkscapec-45100%live
AttackPatternString Format Overflow in syslog()capec-67100%live
AttackPatternForced Integer Overflowcapec-92100%live
AttackPatternOverflow Variables and Tagscapec-46100%live
AttackPatternBuffer Overflow in Local Command-Line Utilitiescapec-9100%live
AttackPatternBuffer Overflow via Parameter Expansioncapec-47100%live
AttackPatternOverflow Bufferscapec-100100%live
AttackPatternFilter Failure through Buffer Overflowcapec-24100%live
AttackPatternBuffer Overflow in an API Callcapec-8100%live

(incoming)7

TypeTargetConfidenceTier
VulnerabilityCVE-2025-20263cve-2025-202630%live
VulnerabilityCVE-2025-32468cve-2025-324680%live
VulnerabilityCVE-2025-46407cve-2025-464070%live
VulnerabilityCVE-2025-52456cve-2025-524560%live
VulnerabilityCVE-2025-52930cve-2025-529300%live
VulnerabilityCVE-2025-53510cve-2025-535100%live
VulnerabilityCVE-2025-54952cve-2025-549520%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Incorrect Calculation of Buffer Size
CWE
Buffer Access with Incorrect Length Value
CWE
Buffer Over-read
CWE
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE
Buffer Access Using Size of Source Buffer
CWE
Use of Out-of-range Pointer Offset
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.