CWE-128 超界折返处理错误

admin 2022年1月2日04:15:16CWE(弱点枚举)评论25 views2439字阅读8分7秒阅读模式

CWE-128 超界折返处理错误

Wrap-around Error

结构: Simple

Abstraction: Base

状态: Incomplete

被利用可能性: Medium

基本描述

Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 682 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 682 cwe_View_ID: 699 cwe_Ordinal: Primary

  • cwe_Nature: CanPrecede cwe_CWE_ID: 119 cwe_View_ID: 1000

  • cwe_Nature: PeerOf cwe_CWE_ID: 190 cwe_View_ID: 1000

适用平台

Language: [{'cwe_Name': 'C', 'cwe_Prevalence': 'Often'}, {'cwe_Name': 'C++', 'cwe_Prevalence': 'Often'}]

常见的影响

范围 影响 注释
Availability ['DoS: Crash, Exit, or Restart', 'DoS: Resource Consumption (CPU)', 'DoS: Resource Consumption (Memory)', 'DoS: Instability'] This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
Integrity Modify Memory If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
['Confidentiality', 'Availability', 'Access Control'] ['Execute Unauthorized Code or Commands', 'Bypass Protection Mechanism'] This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.

可能的缓解方案

策略:

Requirements specification: The choice could be made to use a language that is not susceptible to these issues.

Architecture and Design

策略:

Provide clear upper and lower bounds on the scale of any protocols designed.

Implementation

策略:

Place sanity checks on all incremented variables to ensure that they remain within reasonable bounds.

示例代码

The following image processing code allocates a table for images.

bad C

img_t table_ptr; /struct containing img data, 10kB each/
int num_imgs;
...
num_imgs = get_num_imgs();
table_ptr = (img_t)malloc(sizeof(img_t)num_imgs);
...

This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119).

Notes

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
CLASP Wrap-around error
CERT C Secure Coding MEM07-C Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t
Software Fault Patterns SFP1 Glitch in computation

相关攻击模式

  • CAPEC-92

引用

文章来源于互联网:scap中文网

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年1月2日04:15:16
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  CWE-128 超界折返处理错误 http://cn-sec.com/archives/612880.html

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: