CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

PUBLISHEDweakness recordHigh
released 2006-07-19 · last modified 2026-01-21
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - Diagram

Metadata

CWE ID:
CWE-120
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2006-07-19
更新日期:
2026-01-21

名称

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

描述

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

常见后果

范围:
Integrity, Confidentiality, Availability
影响:
Modify Memory, Execute Unauthorized Code or Commands
注释:
Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of the product's implicit security policy. This can often be used to subvert any other security service.
范围:
Availability
影响:
Modify Memory, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU)
注释:
Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the product into an infinite loop.

相关 CWE

相关警报