Scope | Impact | Likelihood |
---|---|---|
Integrity Confidentiality Availability | Technical Impact: Execute Unauthorized Code or Commands This weakness may lead to a buffer overflow. Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. This can often be used to subvert any other security service. | |
Availability Confidentiality | Technical Impact: Read Memory; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory) Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop. | |
Confidentiality | Technical Impact: Read Memory In the case of an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffer's position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences. |
Phase: Implementation
Strategy: Input Validation
Phase: Implementation
Strategy: Libraries or Frameworks
Nature | Type | ID | Name |
---|---|---|---|
ChildOf | PillarPillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things. | 682 | Incorrect Calculation |
Nature | Type | ID | Name |
---|---|---|---|
MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 133 | String Errors |
Phase | Note |
---|---|
Implementation | There are several ways in which improper string length checking may result in an exploitable condition. All of these, however, involve the introduction of buffer overflow conditions in order to reach an exploitable state. The first of these issues takes place when the output of a wide or multi-byte character string, string-length function is used as a size for the allocation of memory. While this will result in an output of the number of characters in the string, note that the characters are most likely not a single byte, as they are with standard character strings. So, using the size returned as the size sent to new or malloc and copying the string to this newly allocated memory will result in a buffer overflow. Another common way these strings are misused involves the mixing of standard string and wide or multi-byte string functions on a single string. Invariably, this mismatched information will result in the creation of a possibly exploitable buffer overflow condition. |
Languages
C (Undetermined Prevalence)
C++ (Undetermined Prevalence)
Example 1
The following example would be exploitable if any of the commented incorrect malloc calls were used.
The output from the printf() statement would be:
Automated Static Analysis
Effectiveness: High
Nature | Type | ID | Name |
---|---|---|---|
MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 741 | CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR) |
MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 857 | The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO) |
MemberOf | ViewView - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). | 884 | CWE Cross-section |
MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 974 | SFP Secondary Cluster: Incorrect Buffer Length Computation |
MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 1408 | Comprehensive Categorization: Incorrect Calculation |
Usage: ALLOWED
Reason: Acceptable-Use
Rationale:
This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comments:
Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
CLASP | Improper string length checking | ||
The CERT Oracle Secure Coding Standard for Java (2011) | FIO10-J | Ensure the array is filled when using read() to fill an array | |
Software Fault Patterns | SFP10 | Incorrect Buffer Length Computation |
Submissions | |||
---|---|---|---|
Submission Date | Submitter | Organization | |
2006年07月19日 (CWE Draft 3, 2006年07月19日) | CLASP | ||
Contributions | |||
Contribution Date | Contributor | Organization | |
2010年01月11日 | Gregory Padgett | Unitrends | |
correction to Demonstrative_Example | |||
Modifications | |||
Modification Date | Modifier | Organization | |
2008年07月01日 | Eric Dalci | Cigital | |
updated Potential_Mitigations, Time_of_Introduction | |||
2008年09月08日 | CWE Content Team | MITRE | |
updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings | |||
2008年11月24日 | CWE Content Team | MITRE | |
updated Relationships, Taxonomy_Mappings | |||
2009年05月27日 | CWE Content Team | MITRE | |
updated Description | |||
2010年02月16日 | CWE Content Team | MITRE | |
updated Demonstrative_Examples, References | |||
2011年06月01日 | CWE Content Team | MITRE | |
updated Common_Consequences, Relationships, Taxonomy_Mappings | |||
2011年06月27日 | CWE Content Team | MITRE | |
updated Common_Consequences | |||
2012年05月11日 | CWE Content Team | MITRE | |
updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings | |||
2012年10月30日 | CWE Content Team | MITRE | |
updated Potential_Mitigations | |||
2014年06月23日 | CWE Content Team | MITRE | |
updated Enabling_Factors_for_Exploitation, Other_Notes | |||
2014年07月30日 | CWE Content Team | MITRE | |
updated Relationships, Taxonomy_Mappings | |||
2017年11月08日 | CWE Content Team | MITRE | |
updated Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Taxonomy_Mappings | |||
2018年03月27日 | CWE Content Team | MITRE | |
updated References | |||
2019年01月03日 | CWE Content Team | MITRE | |
updated Taxonomy_Mappings | |||
2021年03月15日 | CWE Content Team | MITRE | |
updated References | |||
2023年01月31日 | CWE Content Team | MITRE | |
updated Description | |||
2023年04月27日 | CWE Content Team | MITRE | |
updated Detection_Factors, Relationships | |||
2023年06月29日 | CWE Content Team | MITRE | |
updated Mapping_Notes | |||
2024年07月16日 (CWE 4.15, 2024年07月16日) | CWE Content Team | MITRE | |
updated Common_Consequences | |||
Previous Entry Names | |||
Change Date | Previous Entry Name | ||
2008年04月11日 | Improper String Length Checking | ||
Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2024, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.