CWE-124

Buffer Underwrite ('Buffer Underflow')

AI Translation Available

The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

Status

incomplete

Abstraction

base

Likelihood

medium

Affected Platforms

C C++ Memory-Unsafe

Technical Details

AI Translation

Common Consequences

integrity availability confidentiality access control other

Impacts

modify memory dos: crash, exit, or restart execute unauthorized code or commands bypass protection mechanism other

Detection Methods

automated static analysis automated dynamic analysis

Potential Mitigations

Phases:

requirements implementation

Descriptions:

• All calculated values that are used as index or for pointer arithmetic should be validated to ensure that they are within an expected range.

• Choose a language that is not susceptible to these issues.

Functional Areas

memory management

AI Generated Translation

Common Consequences

integrità disponibilità riservatezza controllo degli accessi altro

Impacts

modificare memoria dos: crash, uscita o riavvio eseguire codice o comandi non autorizzati elusione del meccanismo di protezione altro

Detection Methods

analisi statica automatizzata analisi dinamica automatizzata

Potential Mitigations

Phases:

requisiti implementazione

Descriptions:

• Tutti i valori calcolati utilizzati come indice o per l'aritmetica dei puntatori devono essere convalidati per garantire che rientrino in un intervallo previsto.

• Scegli un linguaggio che non sia soggetto a questi problemi.

Functional Areas

gestione della memoria

CWE-124

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Functional Areas

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Functional Areas

Iscriviti alla newsletter