CWE-785
Use of Path Manipulation Function without Maximum-sized Buffer
Incomplete
2009-07-27
00h00 +00:00
00h00 +00:00
2023-06-29
00h00 +00:00
00h00 +00:00
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Nom: Use of Path Manipulation Function without Maximum-sized Buffer
The product invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.
Description du CWE
Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend(), and others.
Informations générales
Informations de base
Windows provides a large number of utility functions that manipulate buffers containing filenames. In most cases, the result is returned in a buffer that is passed in as input. (Usually the filename is modified in place.) Most functions require the buffer to be at least MAX_PATH bytes in length, but you should check the documentation for each function individually. If the buffer is not large enough to store the result of the manipulation, a buffer overflow can occur.Modes d'introduction
ImplementationPlateformes applicables
Langue
Name: C (Undetermined)Name: C++ (Undetermined)
Conséquences courantes
| Portée | Impact | Probabilité |
|---|---|---|
| Integrity Confidentiality Availability | Modify Memory, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart |
Mesures d’atténuation potentielles
Phases : ImplementationAlways specify output buffers large enough to handle the maximum-size possible result from path manipulation functions.
Notes de cartographie des vulnérabilités
Justification : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
NotesNotes
This entry is at a much lower level of abstraction than most entries because it is function-specific. It also has significant overlap with other entries that can vary depending on the perspective. For example, incorrect usage could trigger either a stack-based overflow (CWE-121) or a heap-based overflow (CWE-122). The CWE team has not decided how to handle such entries.Références
REF-6
Seven Pernicious Kingdoms: A Taxonomy of Software Security ErrorsKatrina Tsipenyuk, Brian Chess, Gary McGraw.
https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf
Soumission
| Nom | Organisation | Date | Date de publication | Version |
|---|---|---|---|---|
| 7 Pernicious Kingdoms | 1.5 |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| KDM Analytics | added/updated white box definitions | ||
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| KDM Analytics | Improved the White_Box_Definition | ||
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Affected_Resources, Demonstrative_Examples, Relationships, White_Box_Definitions | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Maintenance_Notes | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
