Integer Overflow to Buffer Overflow
Compound Element ID: 680 (Compound Element Base: Chain)
Status: Draft
+ Description

Description Summary

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
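
The chain summarized above, shown as an added example that is not part of the original entry: a 32-bit size calculation that wraps, next to a checked version that rejects the same input. The record size, the function names and the sample count are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REC_SIZE 16u  /* constructed record size for this example */

/* Weak form: the 32-bit multiply wraps silently (unsigned wrap is defined in C),
 * so a huge count yields a tiny allocation size. */
uint32_t alloc_size_unchecked(uint32_t count)
{
    return (uint32_t)(count * REC_SIZE);
}

/* Hardened form: refuse any count whose byte size cannot be represented. */
bool alloc_size_checked(uint32_t count, uint32_t *out)
{
    if (count > UINT32_MAX / REC_SIZE)
        return false;
    *out = count * REC_SIZE;
    return true;
}

/* Copies `count` records only when the size is valid and the source holds them all. */
unsigned char *copy_records(const unsigned char *src, size_t src_len, uint32_t count)
{
    uint32_t bytes;
    if (!alloc_size_checked(count, &bytes) || bytes == 0 || bytes > src_len)
        return NULL;
    unsigned char *dst = malloc(bytes);
    if (dst != NULL)
        memcpy(dst, src, bytes);
    return dst;
}

int main(void)
{
    uint32_t count = 0x10000001u;  /* constructed untrusted count from input */
    uint32_t bytes = 0;
    /* 0x10000001 * 16 wraps to 16: the buffer would hold one record, not 268435457. */
    printf("unchecked: %u records -> %u bytes\n",
           (unsigned)count, (unsigned)alloc_size_unchecked(count));
    printf("checked:   %s\n",
           alloc_size_checked(count, &bytes) ? "accepted" : "rejected");
    return 0;
}
```

A loop that then writes `count` records into a buffer sized by the unchecked result is where the buffer overflow at the end of the chain occurs; the checked path fails before any allocation.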
+ Applicable Platforms

Languages

All

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to | Named Chain(s) this relationship pertains to
StartsWith | Weakness Base | 190 | Integer Overflow or Wraparound | Named Chains 709 | Integer Overflow to Buffer Overflow 680
ChildOf | Weakness Class | 20 | Improper Input Validation | Research Concepts (primary) 1000 |
+ Relevant Properties
  • Validity
+ Related Attack Patterns
CAPEC-ID | Attack Pattern Name
(CAPEC Version: 1.4)
8 | Buffer Overflow in an API Call
9 | Buffer Overflow in Local Command-Line Utilities
10 | Buffer Overflow via Environment Variables
14 | Client-side Injection-induced Buffer Overflow
24 | Filter Failure through Buffer Overflow
92 | Forced Integer Overflow
45 | Buffer Overflow via Symbolic Links
100 | Overflow Buffers
46 | Overflow Variables and Tags
47 | Buffer Overflow via Parameter Expansion
67 | String Format Overflow in syslog()
+ Content History
Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
  updated Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Relationships
2009-03-10 | CWE Content Team | MITRE | Internal
  updated Related Attack Patterns