CWE-121Stack-based Buffer Overflow

Description

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Common consequences

• Availability→Modify Memory,DoS: Crash, Exit, or Restart,DoS: Resource Consumption (CPU),DoS: Resource Consumption (Memory)
  Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
• Integrity,Confidentiality,Availability,Access Control→Modify Memory,Execute Unauthorized Code or Commands,Bypass Protection Mechanism
  Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy.
• Integrity,Confidentiality,Availability,Access Control,Other→Modify Memory,Execute Unauthorized Code or Commands,Bypass Protection Mechanism,Other
  When the consequence is arbitrary code execution, this can often be used to subvert any other security service.

Potential mitigations

• Operation,Build and Compilation
  [object Object]
• Architecture and Design
  Use an abstraction library to abstract away risky APIs. Not a complete solution.
• Implementation
  Implement and perform bounds checking on input.
• Implementation
  Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
• Operation,Build and Compilation
  [object Object]

Related CWEs

Recent CVEs classified under this CWE