CWE-127 缓冲区下溢读取

admin 2022年1月7日02:53:57评论69 views字数 1397阅读4分39秒阅读模式

CWE-127 缓冲区下溢读取

Buffer Under-read

结构: Simple

Abstraction: Variant

状态: Draft

被利用可能性: unkown

基本描述

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.

扩展描述

This typically occurs when the pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used. This may result in exposure of sensitive information or possibly a crash.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 125 cwe_View_ID: 1000

  • cwe_Nature: ChildOf cwe_CWE_ID: 125 cwe_View_ID: 699

  • cwe_Nature: ChildOf cwe_CWE_ID: 786 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 786 cwe_View_ID: 699 cwe_Ordinal: Primary

适用平台

Language: [{'cwe_Name': 'C', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Name': 'C++', 'cwe_Prevalence': 'Undetermined'}]

常见的影响

范围 影响 注释
Confidentiality Read Memory
Confidentiality Bypass Protection Mechanism By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service.

Notes

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Buffer under-read
Software Fault Patterns SFP8 Faulty Buffer Access

引用

文章来源于互联网:scap中文网

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年1月7日02:53:57
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   CWE-127 缓冲区下溢读取http://cn-sec.com/archives/612688.html

发表评论

匿名网友 填写信息