|ID: 787||Date: (C)2012-05-14 (M)2017-11-16|
|Type: weakness||Status: INCOMPLETE|
|Abstraction Type: Base|
The software writes data past the end, or before the beginning,
of the intended buffer.
Extended DescriptionThis typically occurs when the pointer or its index is incremented or
decremented to a position beyond the bounds of the buffer or when pointer
arithmetic results in a position outside of the valid memory location to
name a few. This may result in corruption of sensitive information, a crash,
or code execution among other things.
|IntegrityAvailabilityConfidentiality ||Modify memoryDoS: crash / exit /
restartExecute unauthorized code or
commands || |
|CWE-787 ChildOf CWE-119 ||Weakness ||CWE-1000CWE-699 || |
Demonstrative Examples (Details)
- The following code attempts to save four different identification
numbers into an array.
White Box Definitions None
Black Box Definitions None