CWE•Base•Draft•15 recent CVEs
CWE-131Incorrect Calculation of Buffer Size
Description
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
Common consequences
- Integrity,Availability,Confidentiality→DoS: Crash, Exit, or Restart,Execute Unauthorized Code or Commands,Read Memory,Modify MemoryIf the incorrect calculation is used in the context of memory allocation, then the software may create a buffer that is smaller or larger than expected. If the allocated buffer is smaller than expected, this could lead to an out-of-bounds r
Potential mitigations
- ImplementationWhen allocating a buffer for the purpose of transforming, converting, or encoding an input, allocate enough memory to handle the largest possible encoding. For example, in a routine that converts "&" characters to "&" for HTML entity encoding, the output buffer needs to be at least 5 times as large as the input buffer.
- Implementation[object Object]
- ImplementationPerform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
- Architecture and DesignFor any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
- ImplementationWhen processing structured incoming data containing a size field followed by raw data, identify and resolve any inconsistencies between the size field and the actual size of the data (CWE-130).
- ImplementationWhen allocating memory that uses sentinels to mark the end of a data structure - such as NUL bytes in strings - make sure you also include the sentinel in your calculation of the total amount of memory that must be allocated.
- ImplementationReplace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.
- ImplementationUse sizeof() on the appropriate data type to avoid CWE-467.
- ImplementationUse the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity. This will simplify validation and will reduce surprises related to unexpected casting.
- Architecture and Design[object Object]
Related CWEs
Recent CVEs classified under this CWE
CVE-2026-406187.52026-05-13CVE-2026-442236.52026-05-12CVE-2026-433025.52026-05-08CVE-2026-431075.52026-05-06CVE-2026-416762026-04-24CVE-2026-19499.82026-04-24CVE-2026-411972026-04-23CVE-2026-296457.52026-04-20CVE-2026-278209.82026-04-16CVE-2026-209119.82026-04-07CVE-2025-03956.22025-01-22CVE-2024-422595.52024-08-14CVE-2023-67805.32024-01-31CVE-2022-439457.52022-11-04CVE-2014-34682014-06-05