|ID: 125||Date: (C)2012-05-14 (M)2018-07-13|
|Type: weakness||Status: DRAFT|
|Abstraction Type: Base|
The software reads data past the end, or before the beginning,
of the intended buffer.
Extended DescriptionThis typically occurs when the pointer or its index is incremented or
decremented to a position beyond the bounds of the buffer or when pointer
arithmetic results in a position outside of the valid memory location to
name a few. This may result in corruption of sensitive information, a crash,
or code execution among other things.
Applicable PlatformsLanguage: CLanguage: C++
Time Of Introduction
|Confidentiality ||Read memory || |
|CWE-125 ChildOf CWE-890 ||Category ||CWE-888 || |
Demonstrative Examples (Details)
- In the following code, the method retrieves a value from an array at
a specific array index location that is given as an input parameter to the
method (Demonstrative Example Id DX-100)
- CVE-2004-0112 : out-of-bounds read due to improper length check
- CVE-2004-0183 : packet with large number of specified elements cause out-of-bounds read.
- CVE-2004-0221 : packet with large number of specified elements cause out-of-bounds read.
- CVE-2004-0184 : out-of-bounds read, resultant from integer underflow
- CVE-2004-1940 : large length value causes out-of-bounds read
- CVE-2004-0421 : malformed image causes out-of-bounds read
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
|PLOVER || ||Out-of-bounds Read || |
- Michael Howard David LeBlanc John Viega .24 Deadly Sins of Software Security. McGraw-Hill. Section:'"Sin 5: Buffer Overruns." Page 89'. Published on 2010.