Buffer Errors [CWE-119] — The Hacktivists

1. Description
………………………………

Buffer errors are common in software that performs operations on a memory buffer. Due to the absence or improper validation of input data, an attacker might be able to read or write data outside the intended buffer. This weakness is often referred to as memory corruption. Certain languages allow direct memory addressing and do not automatically ensure that the addressed locations are valid for the buffer that is being referenced. As a result, read and write operations might be performed on memory locations associated with another buffer, variables, data structures, etc.

// Buffer Errors [CWE-119] vulnerable code example
// (c) HTB Research
// Stack-based overflow: scanf("%s") has no length limit, so any input longer
// than 19 characters writes past the end of input_data.
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main( int argc, char *argv[] )
{
    char input_data[20];
    printf ("Enter your data: ");
    scanf ("%s", input_data);
    return 0;
}

// Buffer Errors [CWE-119] vulnerable code example
// (c) HTB Research
// Heap-based overflow: strcpy() copies argv[1] without checking its length
// against BUFSIZE, so a long argument overwrites memory after buffer1.
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#define BUFSIZE 256

int main( int argc, char *argv[] )
{
    char *buffer1 = (char *) malloc(BUFSIZE);
    char *buffer2 = (char *) malloc(BUFSIZE);
    strcpy(buffer1, argv[1]);
    free(buffer2);
}

// Buffer Errors [CWE-119] vulnerable code example
// (c) HTB Research
// Out-of-bounds read: only the upper bound is checked, so a negative index
// passes the test, and the error branch itself reads array[index].
#include <stdio.h>

int getValueFromArray(int *array, int len, int index) {
    int value;
    if (index < len)
    {
        value = array[index];
    }
    else
    {
        printf("Value is: %d\n", array[index]);
        value = -1;
    }
    return value;
}

// Buffer Errors [CWE-119] vulnerable code example
// (c) HTB Research
// Unchecked array index: the value parsed from argv[1] is never compared
// with the number of items, so items[index-1] can lie outside the array.
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main (int argc, char **argv) {
    char *items[] = {"item1", "item2", "item3", "item4"};
    if (argc!=2)
    {
        printf("You did not supply index\n");
        return 1;
    }

    int index = atoi(argv[1]);
    printf("You selected %s\n", items[index-1]);
    return 0;
}
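
For comparison, hardened counterparts of the four vulnerable snippets above. This is an added example, not part of the original article or HTB Research's code; the function names copy_bounded, get_value_checked and select_item are hypothetical.

```c
/* Added example (not from the original page): hardened counterparts of the
   vulnerable snippets above. All function names here are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* strcpy() case: copy only when src and its NUL terminator fit in dst. */
int copy_bounded(char *dst, size_t cap, const char *src) {
    if (dst == NULL || src == NULL || cap == 0) return -1;
    size_t n = strlen(src);
    if (n >= cap) return -1;            /* reject rather than truncate */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Array-read case: check both bounds; the error path never reads the array. */
int get_value_checked(const int *array, size_t len, long index, int *out) {
    if (array == NULL || out == NULL) return -1;
    if (index < 0 || (size_t)index >= len) return -1;
    *out = array[index];
    return 0;
}

/* Item-lookup case: parse a 1-based index, reject junk and out-of-range. */
const char *select_item(const char *arg) {
    static const char *const items[] = {"item1", "item2", "item3", "item4"};
    const long count = (long)(sizeof items / sizeof items[0]);
    char *end = NULL;
    if (arg == NULL || *arg == '\0') return NULL;
    errno = 0;
    long index = strtol(arg, &end, 10);
    if (errno != 0 || *end != '\0') return NULL;   /* overflow or trailing text */
    if (index < 1 || index > count) return NULL;
    return items[index - 1];
}

int main(void) {
    char input_data[20];
    /* scanf("%s") case: fgets writes at most sizeof input_data bytes. */
    printf("Enter your data: ");
    if (fgets(input_data, sizeof input_data, stdin) == NULL) return 1;
    input_data[strcspn(input_data, "\n")] = '\0';
    const char *item = select_item(input_data);
    printf("%s\n", item ? item : "invalid index");
    return 0;
}
```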

2. Potential impact
………………………………

An attacker who controls the user input can read or write to arbitrary memory locations. As a result, it is possible to obtain potentially sensitive information from memory. The attacker could also corrupt memory and crash the application, or even execute arbitrary code on the target system.

3. Attack patterns
………………………………

An attacker might use the following attack patterns to exploit this weakness:

4. Affected software
………………………………

Software written in languages such as C and C++ that do not perform memory management is potentially vulnerable to this weakness. The core of PHP is written in C. As a result, PHP built-in functions have been susceptible to buffer error vulnerabilities.

5. Severity and CVSS Scoring
………………………………

Buffer overflows can result in information disclosure, application or system crash or even execution of arbitrary code. When scoring this weakness, researchers should consider the maximum possible impact from the vulnerability.
