CAPEC-100: Overflow Buffers

Description

Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.

Severity :

Very High

Possibility :

High

Type :

Standard

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-8: Buffer Overflow in an API Call Buffer Overflow in an API Call CAPEC-9: Buffer Overflow in Local Command-Line Utilities Buffer Overflow in Local Command-Line Utilities CAPEC-10: Buffer Overflow via Environment Variables Buffer Overflow via Environment Variables CAPEC-14: Client-side Injection-induced Buffer Overflow Client-side Injection-induced Buffer Overflow CAPEC-24: Filter Failure through Buffer Overflow Filter Failure through Buffer Overflow CAPEC-42: MIME Conversion MIME Conversion CAPEC-44: Overflow Binary Resource File Overflow Binary Resource File CAPEC-45: Buffer Overflow via Symbolic Links Buffer Overflow via Symbolic Links CAPEC-46: Overflow Variables and Tags Overflow Variables and Tags CAPEC-47: Buffer Overflow via Parameter Expansion Buffer Overflow via Parameter Expansion CAPEC-67: String Format Overflow in syslog() String Format Overflow in syslog() CAPEC-123: Buffer Manipulation Buffer Manipulation CAPEC-234: Hijacking a privileged process Hijacking a privileged process CAPEC-256: SOAP Array Overflow SOAP Array Overflow

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Targeted software performs buffer operations.
Targeted software inadequately performs bounds-checking on buffer operations.
Adversary has the capability to influence the input to buffer operations.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Low In most cases, overflowing a buffer does not require advanced skills beyond the ability to notice an overflow and stuff an input variable with content.
High In cases of directed overflows, where the motive is to divert the flow of the program or application as per the adversaries' bidding, high level skills are required. This may involve detailed knowledge of the target system architecture and kernel.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

WASC | Buffer Overflow OWASP Attacks | Buffer overflow attack

Resources required

None: No specialized resources are required to execute this type of attack. Detecting and exploiting a buffer overflow does not require any resources beyond knowledge of and access to the target system.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-129: Improper Validation of Array Index

CWE-131: Incorrect Calculation of Buffer Size

CWE-680: Integer Overflow to Buffer Overflow

CWE-805: Buffer Access with Incorrect Length Value

Visit http://capec.mitre.org/ for more details.