CWE-680 整数溢出导致缓冲区溢出

  • A+
所属分类:CWE(弱点枚举)

CWE-680 整数溢出导致缓冲区溢出

Integer Overflow to Buffer Overflow

结构: Chain

Abstraction: Compound

状态: Draft

被利用可能性: unkown

基本描述

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

相关缺陷

  • cwe_Nature: StartsWith cwe_CWE_ID: 190 cwe_View_ID: 709 cwe_Chain_ID: 680

  • cwe_Nature: ChildOf cwe_CWE_ID: 119 cwe_View_ID: 1000 cwe_Ordinal: Primary

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
['Integrity', 'Availability', 'Confidentiality'] ['Modify Memory', 'DoS: Crash, Exit, or Restart', 'Execute Unauthorized Code or Commands']

分析过的案例

标识 说明 链接

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
CERT C Secure Coding INT30-C Imprecise Ensure that unsigned integer operations do not wrap
CERT C Secure Coding INT32-C Imprecise Ensure that operations on signed integers do not result in overflow
CERT C Secure Coding MEM35-C CWE More Abstract Allocate sufficient memory for an object

相关攻击模式

  • CAPEC-10
  • CAPEC-100
  • CAPEC-14
  • CAPEC-24
  • CAPEC-45
  • CAPEC-46
  • CAPEC-47
  • CAPEC-67
  • CAPEC-8
  • CAPEC-9
  • CAPEC-92

文章来源于互联网:scap中文网

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: