CAPEC Details
Name: Overflow Buffers
Likelihood of attack: High
Typical severity: Very High
Summary: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirecting execution to a location of the adversary's choosing.
Prerequisites: Targeted software performs buffer operations. Targeted software inadequately performs bounds-checking on buffer operations. Adversary has the capability to influence the input to buffer operations.
Execution Flow
Step Phase Description Techniques
1 Explore The adversary identifies a buffer to target. Buffer regions are allotted either on the stack or the heap, and the exact nature of the attack varies depending on the location of the buffer.
2 Explore Next, the adversary identifies an injection vector to deliver the excessive content to the targeted buffer.
3 Experiment The adversary crafts the content to be injected. If the intent is simply to cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft content that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversary's choosing, which points to code injected by the adversary.
4 Exploit The adversary injects the content into the targeted software.
5 Exploit Upon successful exploitation, the system either crashes or control of the program is transferred to a location of the adversary's choosing. This can result in execution of arbitrary code or escalated privileges, depending upon the exploited target.
Solutions
- Use a language or compiler that performs automatic bounds checking.
- Use secure functions not vulnerable to buffer overflow. If you have to use dangerous functions, make sure that you do boundary checking.
- Use compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
- Use OS-level preventative functionality. This is not a complete solution.
- Utilize static source code analysis tools to identify potential buffer overflow weaknesses in the software.
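The boundary-checking discipline the Solutions list calls for, shown as an added C example that is not CAPEC's own code. It places the dangerous pattern (an unchecked strcpy into a fixed field, CWE-120) beside a hardened copy that refuses input which does not fit, and adds a size computation that cannot wrap (CWE-131/CWE-680). The 16-byte NAME_CAPACITY field, the store_name_* functions, checked_buffer_size and the sample inputs are all constructed for this illustration.

```c
/* Added example (not CAPEC's own code): bounded buffer operations in C.
 * NAME_CAPACITY, the store_name_* functions, checked_buffer_size and the
 * inputs below are hypothetical, constructed for the demonstration. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

#define NAME_CAPACITY 16   /* hypothetical fixed-size field, NUL included */

enum copy_result { COPY_OK = 0, COPY_TOO_LONG = 1, COPY_BAD_ARGS = 2 };

/* Length of s, never scanning past max bytes, so an unterminated input
 * cannot cause an over-read either. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* The dangerous pattern the Solutions list warns about: strcpy trusts that
 * src fits, so any input longer than NAME_CAPACITY - 1 bytes writes past
 * the end of name (CWE-120). Kept for contrast only; not called with
 * untrusted input anywhere in this example. */
void store_name_unchecked(char name[NAME_CAPACITY], const char *src)
{
    strcpy(name, src);
}

/* Hardened form: copy only if the whole string plus its terminator fits.
 * dst is left NUL-terminated on both COPY_OK and COPY_TOO_LONG. */
enum copy_result copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARGS;
    size_t n = bounded_len(src, dst_size);
    if (n == dst_size) {      /* too long: no room for the NUL */
        dst[0] = '\0';        /* reject, but leave dst in a defined state */
        return COPY_TOO_LONG;
    }
    memcpy(dst, src, n + 1);  /* n + 1 <= dst_size, so this stays in bounds */
    return COPY_OK;
}

enum copy_result store_name_checked(char name[NAME_CAPACITY], const char *src)
{
    return copy_bounded(name, NAME_CAPACITY, src);
}

/* CWE-131 / CWE-680: a size handed to an allocator or copy must itself be
 * computed without wrapping. Returns false if count * elem_size does not
 * fit in size_t, so the caller never allocates a too-small buffer. */
bool checked_buffer_size(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return false;
    *out = count * elem_size;
    return true;
}

int main(void)
{
    char name[NAME_CAPACITY];
    /* Constructed inputs: one that fits the field, one that does not. */
    const char *short_input = "alice";
    const char *long_input  = "this-name-is-far-too-long-for-the-field";

    enum copy_result r1 = store_name_checked(name, short_input);
    printf("short: result=%d name=\"%s\"\n", r1, name);
    enum copy_result r2 = store_name_checked(name, long_input);
    printf("long:  result=%d name=\"%s\"\n", r2, name);

    size_t bytes;
    printf("16 x 1024: %s\n",
           checked_buffer_size(16, 1024, &bytes) ? "ok" : "overflow");
    printf("SIZE_MAX x 2: %s\n",
           checked_buffer_size(SIZE_MAX, 2, &bytes) ? "ok" : "overflow");
    return 0;
}
```

The rejecting behaviour is deliberate: silently truncating a too-long value (as strncpy-style copies do) keeps the program in bounds but can still change meaning, so the caller is told the input did not fit and decides what to do. Building with a stack protector and static analysis, as the Solutions list recommends, complements rather than replaces this check.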
Related Weaknesses
CWE ID Description
CWE-19 Data Processing Errors
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-129 Improper Validation of Array Index
CWE-131 Incorrect Calculation of Buffer Size
CWE-680 Integer Overflow to Buffer Overflow
CWE-805 Buffer Access with Incorrect Length Value
Related CAPECS
CAPEC ID Description
CAPEC-123 An adversary manipulates an application's interaction with a buffer in an attempt to read or modify data they shouldn't have access to. Buffer attacks are distinguished in that it is the buffer space itself that is the target of the attack rather than any code responsible for interpreting the content of the buffer. In virtually all buffer attacks the content that is placed in the buffer is immaterial. Instead, most buffer attacks involve retrieving or providing more input than can be stored in the allocated buffer, resulting in the reading or overwriting of other unintended program memory.
Taxonomy: WASC
Entry ID Entry Name
07 Buffer Overflow
Taxonomy: OWASP Attacks
Entry ID Entry Name
Link Buffer overflow attack