[Identify target application] The adversary, with knowledge of vulnerable libraries or shared code modules, identifies a target application or program that makes use of these.
[Find injection vector] The adversary attempts to use the API, and if they can they send a large amount of data to see if the buffer overflow attack really does work.
[Craft overflow content] The adversary crafts the content to be injected based on their knowledge of the vulnerability and their desired outcome. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft a set of content that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversaries' choosing which points to code injected by the adversary.
[Overflow the buffer] Using the API as the injection vector, the adversary injects the crafted overflow content into the buffer.
Weakness Name | |
---|---|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. |
|
Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
|
Incorrect Access of Indexable Resource ('Range Error') The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files. |
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
|
Improper Input Validation The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
|
Integer Overflow to Buffer Overflow The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. |
|
Compiler Optimization Removal or Modification of Security-critical Code The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified. |
|
Incorrect Comparison The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. |
Name | Organization | Date | Date Release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |
Name | Organization | Date | Comment |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | Updated References | |
CAPEC Content Team | The MITRE Corporation | Updated Description, Execution_Flow | |
CAPEC Content Team | The MITRE Corporation | Updated Skills_Required | |
CAPEC Content Team | The MITRE Corporation | Updated Example_Instances |