Variant · Incomplete

CWE-806: Buffer Access Using Size of Source Buffer

Category: memory

Description

The product uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the bounds of the buffer. When the size of the destination is smaller than the size of the source, a buffer overflow could occur.

Common consequences

  • Availability — Modify Memory, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU)
    Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
  • Integrity / Confidentiality / Availability — Read Memory, Modify Memory, Execute Unauthorized Code or Commands
    Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy.
  • Access Control — Bypass Protection Mechanism
    When the consequence is arbitrary code execution, this can often be used to subvert any other security service.

Potential mitigations

  • [Architecture and Design] Use an abstraction library to abstract away risky APIs. Examples include the Safe C String Library (SafeStr) by Viega, and the Strsafe.h library from Microsoft. This is not a complete solution, since many buffer overflows are not related to strings.
  • [Operation, Build and Compilation]
  • [Implementation] Programmers should adhere to the following rules when allocating and managing their application's memory:
      • Double check that your buffer is as large as you specify.
      • When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.
      • Check buffer boundaries if calling this function in a loop and make sure there is no danger of writing past the allocated space.
      • Truncate all input strings to a reasonable length before passing them to the copy and concatenation functions.
  • [Operation, Build and Compilation]
  • [Operation]
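
The weakness in the Description and the bounding rules in the Implementation mitigation, side by side, as an added example that is not part of the CWE entry. All names (DEST_SIZE, ARENA_SIZE, SAMPLE and the functions) are hypothetical; the destination is placed inside a larger array so the out-of-bounds write stays defined and can be observed.

```c
#include <stdio.h>
#include <string.h>

#define DEST_SIZE  8   /* logical destination buffer */
#define ARENA_SIZE 32  /* destination plus the data that sits after it */
/* Constructed sample input: 16 characters plus NUL, larger than DEST_SIZE. */
static const char SAMPLE[] = "AAAAAAAAAAAAAAAA";

/* Bytes [0, DEST_SIZE) are the destination; the rest stands in for adjacent
 * program data. One array keeps the stray write defined and observable. */
static void arena_init(unsigned char *arena) {
    memset(arena, 0x00, DEST_SIZE);
    memset(arena + DEST_SIZE, 0xAA, ARENA_SIZE - DEST_SIZE);
}
static int neighbours_intact(const unsigned char *arena) {
    for (size_t i = DEST_SIZE; i < ARENA_SIZE; i++)
        if (arena[i] != 0xAA) return 0;
    return 1;
}

/* CWE-806 pattern: the length comes from the source, not the destination. */
static void copy_using_source_size(unsigned char *dest, const char *src, size_t src_size) {
    memcpy(dest, src, src_size);
}

/* Bounded form: length capped by the destination, always NUL-terminated.
 * Returns 0 if everything fit, -1 if truncated or dest_size is 0. */
static int copy_using_dest_size(unsigned char *dest, size_t dest_size, const char *src, size_t src_len) {
    if (dest_size == 0) return -1;
    size_t n = src_len < dest_size - 1 ? src_len : dest_size - 1;
    memcpy(dest, src, n);
    dest[n] = '\0';
    return n == src_len ? 0 : -1;
}

int demo_source_sized(void) {   /* returns 0: neighbouring bytes overwritten */
    unsigned char arena[ARENA_SIZE];
    arena_init(arena);
    copy_using_source_size(arena, SAMPLE, sizeof SAMPLE);
    return neighbours_intact(arena);
}
int demo_dest_sized(void) {     /* returns 1: neighbouring bytes untouched */
    unsigned char arena[ARENA_SIZE];
    arena_init(arena);
    copy_using_dest_size(arena, DEST_SIZE, SAMPLE, strlen(SAMPLE));
    return neighbours_intact(arena);
}
int main(void) {
    printf("source-sized: %d, dest-sized: %d\n", demo_source_sized(), demo_dest_sized());
    return 0;
}
```

The -1 return from copy_using_dest_size lets the caller treat truncation as an error instead of silently accepting shortened input.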

References

  1. https://cwe.mitre.org/data/definitions/806.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Buffer Access with Incorrect Length Value
  • CWE: Incorrect Calculation of Buffer Size
  • CWE: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • CWE: Buffer Over-read
  • CWE: Integer Overflow to Buffer Overflow
  • CWE: Improper Restriction of Operations within the Bounds of a Memory Buffer

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.