Variant · Incomplete

CWE-785: Use of Path Manipulation Function without Maximum-sized Buffer

Category: memory

Description

The product invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX. Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend(), and others.

Common consequences · 1

  • Integrity / Confidentiality / Availability — Modify Memory, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart

Potential mitigations · 1

  • [Implementation] Always specify output buffers large enough to handle the maximum-size possible result from path manipulation functions.
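The mitigation above as an added C example (not part of the CWE entry or MITRE's own code): the weak call is kept out of the build, and two wrappers give realpath() and readlink() a PATH_MAX-sized buffer before copying into a caller buffer of any size. The helper names `resolve_path` and `read_link`, the variable `user_path`, and the 4096 fallback for PATH_MAX are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700 /* expose realpath()/readlink() under strict -std= modes */
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifndef PATH_MAX
#define PATH_MAX 4096 /* assumption: fallback where <limits.h> leaves it undefined */
#endif

#if 0 /* Weak form, excluded from the build: realpath() takes no length
         argument and may write up to PATH_MAX bytes into this 64-byte buffer. */
char out[64];
realpath(user_path, out);
#endif

/* Hypothetical helper: resolve `path` into dst. realpath() only ever writes
   into a PATH_MAX-sized scratch buffer; the result is copied out only if it
   fits. Returns 0, or -1 with errno set (ERANGE when dst is too small). */
int resolve_path(const char *path, char *dst, size_t dstlen)
{
    char scratch[PATH_MAX];
    if (realpath(path, scratch) == NULL)
        return -1;
    size_t n = strlen(scratch);
    if (n >= dstlen) {
        errno = ERANGE;
        return -1;
    }
    memcpy(dst, scratch, n + 1);
    return 0;
}

/* Hypothetical helper: readlink() takes a length but truncates silently and
   never NUL-terminates, so a completely filled buffer counts as truncation. */
int read_link(const char *linkpath, char *dst, size_t dstlen)
{
    char scratch[PATH_MAX];
    ssize_t n = readlink(linkpath, scratch, sizeof scratch);
    if (n < 0) return -1;
    if ((size_t)n >= sizeof scratch || (size_t)n >= dstlen) {
        errno = ERANGE;
        return -1;
    }
    memcpy(dst, scratch, (size_t)n);
    dst[n] = '\0';
    return 0;
}
```

Both wrappers fail closed: a result that does not fit the caller's buffer is reported as ERANGE instead of being truncated or written past the end.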

References

  1. https://cwe.mitre.org/data/definitions/785.html

(incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability (kev-cve-2022-20699) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Integer Overflow to Buffer Overflow
  • CWE: Path Equivalence: 'fakedir/../realdir/filename'
  • CWE: Path Traversal: '.../...//'
  • CWE: Path Traversal: 'dir/../../filename'
  • CWE: Path Traversal: '/dir/../filename'
  • CWE: Path Traversal: '....//'

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.