[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. Adversaries often look for applications that accept user input and that perform manual memory management.
[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application's buffer.
[Craft overflow content] The adversary crafts the input to be given to the program. If the intent is to simply cause the software to crash, the input needs only to expand to an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft input that expands in a way that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversaries' choosing which points to code injected by the adversary.
[Overflow the buffer] Using the injection vector, the adversary gives the crafted input to the program, overflowing the buffer.
Weakness Name | |
---|---|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. |
|
Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
|
Incorrect Access of Indexable Resource ('Range Error') The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files. |
|
Improper Handling of Length Parameter Inconsistency The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. |
|
Incorrect Calculation of Buffer Size The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. |
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
|
Improper Input Validation The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
|
Integer Overflow to Buffer Overflow The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. |
|
Incorrect Comparison The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. |
Name | Organization | Date | Date Release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |
Name | Organization | Date | Comment |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | Updated Attack_Phases | |
CAPEC Content Team | The MITRE Corporation | Updated Attack_Phases | |
CAPEC Content Team | The MITRE Corporation | Updated Attack_Phases | |
CAPEC Content Team | The MITRE Corporation | Updated Attack_Phases | |
CAPEC Content Team | The MITRE Corporation | Updated Attack_Phases | |
CAPEC Content Team | The MITRE Corporation | Updated Attack_Phases | |
CAPEC Content Team | The MITRE Corporation | Updated Example_Instances, Skills_Required | |
CAPEC Content Team | The MITRE Corporation | Updated Description, Execution_Flow | |
CAPEC Content Team | The MITRE Corporation | Updated Example_Instances, Skills_Required |