CWE•Base•Incomplete•20 recent CVEs
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Description
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Common consequences
- Integrity,Confidentiality,Availability→Modify Memory,Execute Unauthorized Code or CommandsBuffer overflows often can be used to execute arbitrary code, which is usually outside the scope of the product's implicit security policy. This can often be used to subvert any other security service.
- Availability→Modify Memory,DoS: Crash, Exit, or Restart,DoS: Resource Consumption (CPU)Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the product into an infinite loop.
Potential mitigations
- Requirements[object Object]
- Architecture and Design[object Object]
- Operation,Build and Compilation[object Object]
- Implementation[object Object]
- Implementation[object Object]
- Architecture and DesignFor any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
- Operation,Build and Compilation[object Object]
- Operation[object Object]
- Build and Compilation,OperationMost mitigating technologies at the compiler or OS level to date address only a subset of buffer overflow problems and rarely provide complete protection against even that subset. It is good practice to implement strategies to increase the workload of an attacker, such as leaving the attacker to guess an unknown value that changes every program execution.
- ImplementationReplace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.
Related CWEs
Recent CVEs classified under this CWE
CVE-2026-115178.82026-06-08CVE-2026-115165.52026-06-08CVE-2019-257419.82026-06-04CVE-2019-257368.42026-06-04CVE-2019-257358.42026-06-04CVE-2019-257338.42026-06-04CVE-2026-306528.82026-06-02CVE-2026-306508.82026-06-02CVE-2026-38716.52026-06-02CVE-2026-38706.52026-06-02CVE-2026-252778.82026-06-01CVE-2026-285807.82026-06-01CVE-2026-00563.32026-06-01CVE-2018-254328.42026-06-01CVE-2026-102755.02026-06-01CVE-2026-101648.82026-05-31CVE-2026-101638.82026-05-31CVE-2026-101268.82026-05-30CVE-2018-254267.52026-05-30CVE-2018-254236.22026-05-30