Weaknesses in this category are related to the handling of memory buffers within a software system.
| ID | Name | Description |
|---|---|---|
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | This vulnerability occurs when a program copies data from one memory location to another without first verifying that the source data will fit within the destination buffer's allocated space. |
| CWE-124 | Buffer Underwrite ('Buffer Underflow') | A buffer underwrite, also known as buffer underflow, happens when a program writes data to a memory location that precedes the start of a buffer. |
| CWE-125 | Out-of-bounds Read | An out-of-bounds read occurs when software accesses memory outside the boundaries of a buffer, array, or similar data structure, reading data it wasn't intended to see. |
| CWE-1284 | Improper Validation of Specified Quantity in Input | This vulnerability occurs when an application accepts user input meant to define a quantity—like a number, size, or count—but fails to properly check if that value is safe and reasonable before using it. |
| CWE-131 | Incorrect Calculation of Buffer Size | This vulnerability occurs when a program miscalculates the amount of memory needed for a buffer, potentially leading to a buffer overflow that can crash the software or allow attackers to execute malicious code. |
| CWE-786 | Access of Memory Location Before Start of Buffer | This vulnerability occurs when software attempts to read from or write to a memory location that precedes the start of a buffer. |
| CWE-787 | Out-of-bounds Write | This vulnerability occurs when software incorrectly writes data outside the boundaries of its allocated memory buffer, either beyond the end or before the beginning. |
| CWE-788 | Access of Memory Location After End of Buffer | This vulnerability occurs when software attempts to read from or write to a memory buffer using an index or pointer that points past the buffer's allocated boundary. |
| CWE-805 | Buffer Access with Incorrect Length Value | This vulnerability occurs when software reads from or writes to a buffer using a loop or sequential operation, but mistakenly calculates or provides an incorrect length value. This incorrect length causes the operation to access memory outside the buffer's allocated boundaries. |
| CWE-699 | Software Development | This view organizes weaknesses around concepts that are frequently used or encountered in software development. It covers all aspects of the software development lifecycle, including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |