BaseIncomplete

CWE-805Buffer Access with Incorrect Length Value

Category: memory

Description

The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. When the length value exceeds the size of the destination, a buffer overflow could occur.

Common consequences· 2

  • Integrity / Confidentiality / Availability — Read Memory, Modify Memory, Execute Unauthorized Code or Commands
    Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. This can often be used to subvert any other security service.
  • Availability — Modify Memory, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU)
    Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.

Potential mitigations· 5

  • [Requirements]
  • [Architecture and Design]
  • [Operation, Build and Compilation]
  • [Implementation]
  • [Architecture and Design]For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Related CAPEC attack patterns· 2

CAPEC-100CAPEC-256

References

  1. https://cwe.mitre.org/data/definitions/805.html

Exploits (incoming)2

TypeTargetConfidenceTier
AttackPatternSOAP Array Overflowcapec-256100%live
AttackPatternOverflow Bufferscapec-100100%live

(incoming)4

TypeTargetConfidenceTier
VulnerabilityCVE-2025-20315cve-2025-203150%live
VulnerabilityCVE-2025-23318cve-2025-233180%live
VulnerabilityCVE-2025-23319cve-2025-233190%live
VulnerabilityCVE-2026-34002cve-2026-340020%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Buffer Access Using Size of Source Buffer
CWE
Incorrect Calculation of Buffer Size
CWE
Integer Overflow to Buffer Overflow
CWE
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE
Access of Memory Location After End of Buffer
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.