• Standard
  • Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
  • 100
  • An attack designed to leverage a buffer overflow and redirect execution as per the adversary's bidding is fairly difficult to detect. An attack aimed solely at bringing the system down is usually preceded by a barrage of long inputs that make no sense. In either case, it is likely that the adversary would have resorted to a few hit-or-miss attempts that will be recorded in the system event logs, if they exist.
  • High
  • Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
  • If you have to use dangerous functions, make sure that you do boundary checking.
  • Use OS-level preventative functionality. Not a complete solution.
  • Use a language or compiler that performs automatic bounds checking.
  • Use secure functions not vulnerable to buffer overflow.
  • Utilize static source code analysis tools to identify potential buffer overflow weaknesses in the software.
  • Overflow Buffers
  • Adversary has the capability to influence the input to buffer operations.
  • Targeted software inadequately performs bounds-checking on buffer operations.
  • Targeted software performs buffer operations.
is ?:relatedAttackPatternCAPECId of
  • None: No specialized resources are required to execute this type of attack. Detecting and exploiting a buffer overflow does not require any resources beyond knowledge of and access to the target system.
  • Draft
  • Very High