CWE-680: Integer Overflow to Buffer Overflow

Weakness ID: 680 (Structure: Chain)

Chain - a Compound Element that is a sequence of two or more separate weaknesses that can be closely linked together within software. One weakness, X, can directly create the conditions that are necessary to cause another weakness, Y, to enter a vulnerable condition. When this happens, CWE refers to X as "primary" to Y, and Y is "resultant" from X. Chains can involve more than two weaknesses, and in some cases, they might have a tree-like structure.

Vulnerability Mapping: DISCOURAGED
This CWE ID should not be used to map to real-world vulnerabilities
Description

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

Common Consequences

This table specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.

Scope | Impact | Likelihood |
---|---|---|
Integrity, Availability, Confidentiality | Technical Impact: Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands | |
Relationships

Demonstrative Examples

Example 1

The following image processing code allocates a table for images.

(bad code) Example Language: C
```c
img_t *table_ptr; /* struct containing img data, 10kB each */
int num_imgs;
...
num_imgs = get_num_imgs();
/* size calculation can overflow for large num_imgs (CWE-190) */
table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);
...
```
This code intends to allocate a table of size num_imgs; however, as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This results in a very small list being allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119).

Observed Examples

| Reference | Description |
|---|---|
| | Chain: in a web browser, an unsigned 64-bit integer is forcibly cast to a 32-bit integer (CWE-681), potentially leading to an integer overflow (CWE-190). If an integer overflow occurs, this can cause heap memory corruption (CWE-122) |
| | Chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119). |
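
The size check that breaks this chain for the allocation in Example 1, shown as an added example that is not part of the CWE entry. The img_t layout, the function names and the overflowing count are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed layout for the page's img_t ("img data, 10kB each"). */
typedef struct { unsigned char data[10 * 1024]; } img_t;

/* The page's size calculation in isolation. size_t arithmetic wraps
 * silently modulo SIZE_MAX + 1, so the result can be far too small. */
size_t naive_table_bytes(size_t num_imgs)
{
    return sizeof(img_t) * num_imgs;
}

/* Checked version: 0 on success with the byte count in *out,
 * -1 if the product cannot be represented in size_t (CWE-190). */
int checked_table_bytes(size_t num_imgs, size_t *out)
{
    if (num_imgs > SIZE_MAX / sizeof(img_t))
        return -1;
    *out = sizeof(img_t) * num_imgs;
    return 0;
}

/* Hardened allocator (hypothetical name). Takes int like the page's
 * num_imgs; a negative count is rejected before it can convert to a
 * huge size_t. Returns NULL on any invalid count or malloc failure. */
img_t *alloc_img_table(int num_imgs)
{
    size_t bytes;
    if (num_imgs <= 0 || checked_table_bytes((size_t)num_imgs, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed input: smallest count whose byte size wraps. */
    size_t n = SIZE_MAX / sizeof(img_t) + 1;
    size_t bytes = 0;
    printf("count %zu: naive size = %zu bytes, checked = %d\n",
           n, naive_table_bytes(n), checked_table_bytes(n, &bytes));
    img_t *t = alloc_img_table(4);
    printf("alloc_img_table(4) %s\n", t ? "ok" : "failed");
    free(t);
    return 0;
}
```

For the constructed count, the naive calculation yields fewer bytes than a single img_t, which is the undersized allocation that later out-of-bounds accesses (CWE-119) depend on; the checked path refuses the request instead.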
Memberships

This MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.

Vulnerability Mapping Notes

Usage: DISCOURAGED (this CWE ID should not be used to map to real-world vulnerabilities)
Reason: Other
Rationale: This CWE entry is a named chain, which combines multiple weaknesses.
Comments: Mapping to each separate weakness in the chain would be more precise.

Taxonomy Mappings

Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
CERT C Secure Coding | INT30-C | Imprecise | Ensure that unsigned integer operations do not wrap |
CERT C Secure Coding | INT32-C | Imprecise | Ensure that operations on signed integers do not result in overflow |
CERT C Secure Coding | MEM35-C | CWE More Abstract | Allocate sufficient memory for an object |