Out-of-bounds ReadID: 125 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The software reads data past the end, or before the beginning,
of the intended buffer.
Extended DescriptionThis typically occurs when the pointer or its index is incremented or
decremented to a position beyond the bounds of the buffer or when pointer
arithmetic results in a position outside of the valid memory location to
name a few. This may result in corruption of sensitive information, a crash,
or code execution among other things.
Applicable PlatformsLanguage: CLanguage: C++
Time Of Introduction
Common Consequences
Scope | Technical Impact | Notes |
---|
Confidentiality | Read memory | |
Detection MethodsNone
Potential MitigationsNone
Relationships
Related CWE | Type | View | Chain |
---|
CWE-125 ChildOf CWE-890 | Category | CWE-888 | |
Demonstrative Examples (Details)
- In the following code, the method retrieves a value from an array at
a specific array index location that is given as an input parameter to the
method (Demonstrative Example Id DX-100)
Observed Examples
- CVE-2004-0112 : out-of-bounds read due to improper length check
- CVE-2004-0183 : packet with large number of specified elements cause out-of-bounds read.
- CVE-2004-0221 : packet with large number of specified elements cause out-of-bounds read.
- CVE-2004-0184 : out-of-bounds read, resultant from integer underflow
- CVE-2004-1940 : large length value causes out-of-bounds read
- CVE-2004-0421 : malformed image causes out-of-bounds read
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
Taxynomy | Id | Name | Fit |
---|
PLOVER | | Out-of-bounds Read | |
References:
- Michael Howard David LeBlanc John Viega .24 Deadly Sins of Software Security. McGraw-Hill. Section:'"Sin 5: Buffer Overruns." Page 89'. Published on 2010.