CWE-124 Détail

CWE-124

Nom

Buffer Underwrite ('Buffer Underflow')

Probabilité

Moyen

Statut

Incomplete

Publié

2006-07-19
00h00 +00:00

Modifié

2024-02-29
00h00 +00:00

Liens officiels

CWE Mitre.org

Notifications pour un CWE

Restez informé de toutes modifications pour un CWE spécifique.

Gestion des notifications

Liste des Notifications

Notifications pour un CWE

Restez informé de toutes modifications pour un CWE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

Spécifiez le CWE ID que vous désirez surveiller.

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

Nom: Buffer Underwrite ('Buffer Underflow')

The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

Description du CWE

This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.

Informations générales

Modes d'introduction

Implementation

Plateformes applicables

Langue

Name: C (Undetermined)
Name: C++ (Undetermined)

Conséquences courantes

Portée	Impact	Probabilité
Integrity Availability	Modify Memory, DoS: Crash, Exit, or Restart Note: Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash.
Integrity Confidentiality Availability Access Control Other	Execute Unauthorized Code or Commands, Modify Memory, Bypass Protection Mechanism, Other Note: If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code. If the corrupted memory is data rather than instructions, the system will continue to function with improper changes, possibly in violation of an implicit or explicit policy. The consequences would only be limited by how the affected data is used, such as an adjacent memory location that is used to specify whether the user has special privileges.
Access Control Other	Bypass Protection Mechanism, Other Note: When the consequence is arbitrary code execution, this can often be used to subvert any other security service.

Exemples observés

Références	Description
CVE-2021-24018	buffer underwrite in firmware verification routine allows code execution via a crafted firmware image
CVE-2002-2227	Unchecked length of SSLv2 challenge value leads to buffer underflow.
CVE-2007-4580	Buffer underflow from a small size value with a large buffer (length parameter inconsistency, CWE-130)
CVE-2007-1584	Buffer underflow from an all-whitespace string, which causes a counter to be decremented before the buffer while looking for a non-whitespace character.
CVE-2007-0886	Buffer underflow resultant from encoded data that triggers an integer overflow.
CVE-2006-6171	Product sets an incorrect buffer size limit, leading to "off-by-two" buffer underflow.
CVE-2006-4024	Negative value is used in a memcpy() operation, leading to buffer underflow.
CVE-2004-2620	Buffer underflow due to mishandled special characters

Mesures d’atténuation potentielles

Phases : Requirements
Choose a language that is not susceptible to these issues.
Phases : Implementation
All calculated values that are used as index or for pointer arithmetic should be validated to ensure that they are within an expected range.

Notes de cartographie des vulnérabilités

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

NotesNotes

This could be resultant from several errors, including a bad offset or an array index that decrements before the beginning of the buffer (see CWE-129).

Références

REF-90

Buffer UNDERFLOWS: What do you know about it?
https://seclists.org/vuln-dev/2004/Jan/22

REF-44

24 Deadly Sins of Software Security
Michael Howard, David LeBlanc, John Viega.

Soumission

Nom	Organisation	Date	Date de publication	Version
PLOVER		2006-07-19 +00:00	2006-07-19 +00:00	Draft 3

Modifications

Nom	Organisation	Date	Commentaire
Eric Dalci	Cigital	2008-07-01 +00:00	updated Time_of_Introduction
CWE Content Team	MITRE	2008-09-08 +00:00	updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Description, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities
CWE Content Team	MITRE	2009-01-12 +00:00	updated Common_Consequences
CWE Content Team	MITRE	2009-10-29 +00:00	updated Description, Name, Relationships
CWE Content Team	MITRE	2011-03-29 +00:00	updated Demonstrative_Examples, Relationships
CWE Content Team	MITRE	2011-06-01 +00:00	updated Common_Consequences
CWE Content Team	MITRE	2012-05-11 +00:00	updated Demonstrative_Examples, References, Relationships
CWE Content Team	MITRE	2014-07-30 +00:00	updated Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2017-11-08 +00:00	updated Causal_Nature, Demonstrative_Examples, References
CWE Content Team	MITRE	2020-02-24 +00:00	updated Relationships
CWE Content Team	MITRE	2021-03-15 +00:00	updated Potential_Mitigations
CWE Content Team	MITRE	2021-10-28 +00:00	updated Observed_Examples
CWE Content Team	MITRE	2022-04-28 +00:00	updated Research_Gaps
CWE Content Team	MITRE	2023-01-31 +00:00	updated Description
CWE Content Team	MITRE	2023-04-27 +00:00	updated References, Relationships, Time_of_Introduction
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes
CWE Content Team	MITRE	2024-02-29 +00:00	updated Demonstrative_Examples

Détail du CWE-124