CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2025-09-09
Weakness Name
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Description
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Common Consequences
Scope: Integrity, Confidentiality, Availability
Impact: Modify Memory, Execute Unauthorized Code or Commands
Notes: Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of the product's implicit security policy. This can often be used to subvert any other security service.
Scope: Availability
Impact: Modify Memory, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU)
Notes: Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the product into an infinite loop.
Related Weaknesses
CWE-20Improper Input ValidationHigh
CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferHigh
Related Alerts
Buffer OverflowMedium