CWE-127 缓冲区下溢读取
Buffer Under-read
结构: Simple
Abstraction: Variant
状态: Draft
被利用可能性: unkown
基本描述
The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.
扩展描述
This typically occurs when the pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used. This may result in exposure of sensitive information or possibly a crash.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 125 cwe_View_ID: 1000
-
cwe_Nature: ChildOf cwe_CWE_ID: 125 cwe_View_ID: 699
-
cwe_Nature: ChildOf cwe_CWE_ID: 786 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 786 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: [{'cwe_Name': 'C', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Name': 'C++', 'cwe_Prevalence': 'Undetermined'}]
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Confidentiality | Read Memory | |
| Confidentiality | Bypass Protection Mechanism | By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service. |
Notes
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | Buffer under-read | ||
| Software Fault Patterns | SFP8 | Faulty Buffer Access |