CWE-680 – Integer Overflow to Buffer Overflow

Read Time:25 Second

Description

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

Modes of Introduction:

 

 

Related Weaknesses

CWE-190
CWE-119

 

Consequences

Integrity, Availability, Confidentiality: Modify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands

 

Potential Mitigations

CVE References

  • CVE-2017-1000121
    • chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).