CAPEC-46: Overflow Variables and Tags

Description

This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The adversary crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.

Extended Description

Alternatively, the second certificate could be a signing certificate. Thus the adversary is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attacker's first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will the Certificate Authority set up by the adversary and any certificates that it signs. As a result, the adversary is able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec).

Severity :

High

Possibility :

High

Type :

Detailed

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-8: Buffer Overflow in an API Call Buffer Overflow in an API Call CAPEC-10: Buffer Overflow via Environment Variables Buffer Overflow via Environment Variables CAPEC-100: Overflow Buffers Overflow Buffers

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

The target program consumes user-controllable data in the form of tags or variables.
The target program does not perform sufficient boundary checking.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Low An adversary can simply overflow a buffer by inserting a long string into an adversary-modifiable injection vector. The result can be a DoS.
High Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-20: Improper Input Validation

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-118: Incorrect Access of Indexable Resource ('Range Error')

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-680: Integer Overflow to Buffer Overflow

CWE-697: Incorrect Comparison

CWE-733: Compiler Optimization Removal or Modification of Security-critical Code

Visit http://capec.mitre.org/ for more details.