The first step is exploratory: the attacker looks for an integer variable that they can control.
The attacker finds an integer variable that they can write into or manipulate and tries to push its value out of the possible range.
The integer variable is forced to a value that is out of range, which sets its final value to an unexpected value.
The target host acts on the data and unexpected behavior may happen.
Weakness Name | Description |
---|---|
Integer Overflow or Wraparound | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Wrap-around Error | Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value. |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. |
Heap-based Buffer Overflow | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Unsigned to Signed Conversion Error | The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive. |
Integer Overflow to Buffer Overflow | The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. |
Incorrect Comparison | The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. |
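
The wraparound described in the execution flow and in the "Integer Overflow to Buffer Overflow" entry above, shown next to a checked version of the same size calculation. This is an added example, not code from CAPEC; `RECORD_SIZE`, the function names and the sample count are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical fixed record size, chosen for this example. */
#define RECORD_SIZE 16u

/* Unchecked size calculation: the product is reduced modulo 2^32, so a
 * large externally supplied count yields a small byte total. */
uint32_t alloc_size_unchecked(uint32_t count)
{
    return count * RECORD_SIZE;
}

/* Checked calculation: refuse any count whose product does not fit.
 * Returns 0 and stores the size on success, -1 on rejection. */
int alloc_size_checked(uint32_t count, uint32_t *bytes)
{
    if (count == 0 || count > UINT32_MAX / RECORD_SIZE)
        return -1;
    *bytes = count * RECORD_SIZE;
    return 0;
}

/* Hardened allocator: validates the count first, then passes count and
 * size to calloc() separately. Returns NULL on a rejected count. */
void *alloc_records(uint32_t count)
{
    uint32_t bytes;
    if (alloc_size_checked(count, &bytes) != 0)
        return NULL;
    return calloc(count, RECORD_SIZE);
}

int main(void)
{
    uint32_t count = 0x10000001u;  /* constructed input: 2^28 + 1 records */
    uint32_t bytes = 0;

    /* The unchecked path computes 16 bytes for 268435457 records. */
    printf("unchecked: count=%u -> %u bytes\n",
           (unsigned)count, (unsigned)alloc_size_unchecked(count));
    printf("checked:   count=%u -> %s\n", (unsigned)count,
           alloc_size_checked(count, &bytes) == 0 ? "accepted" : "rejected");
    return 0;
}
```
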
Name | Organization | Date | Date Release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |
Name | Organization | Date | Comment |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | Updated References | |
CAPEC Content Team | The MITRE Corporation | Updated Example_Instances, Execution_Flow | |
CAPEC Content Team | The MITRE Corporation | Updated Mitigations, References, Taxonomy_Mappings | |
CAPEC Content Team | The MITRE Corporation | Updated Example_Instances |