Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-92:Forced Integer Overflow
Attack Pattern ID:92
Version:v3.9
Attack Pattern Name:Forced Integer Overflow
Abstraction:Detailed
Status:Draft
Likelihood of Attack:High
Typical Severity:High
DetailsContent HistoryRelated WeaknessesReports
7Weaknesses found
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
ShareView Details
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Likelihood of Exploit-High
Mapping-Allowed-with-Review
Abstraction-Base
Found in4125CVEs

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Impacts-
DoS: Crash, Exit, or RestartDoS: Resource Consumption (CPU)Execute Unauthorized Code or CommandsModify Memory
Tags-
High exploitEnvironment HardeningSandbox or JailLibraries or FrameworksInput ValidationEnforcement by ConversionLanguage SelectionAssemblyExecute Unauthorized Code or Commands (impact)DoS: Resource Consumption (CPU) (impact)DoS: Crash, Exit, or Restart (impact)Modify Memory (impact)
As Seen In-
CWE Cross-section
CWE-122
Heap-based Buffer Overflow
ShareView Details
Heap-based Buffer Overflow
Likelihood of Exploit-High
Mapping-Allowed
Abstraction-Variant
Found in2190CVEs

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Impacts-
DoS: Resource Consumption (CPU)Modify MemoryOtherBypass Protection MechanismDoS: Crash, Exit, or RestartExecute Unauthorized Code or CommandsDoS: Resource Consumption (Memory)
Tags-
High exploitEnvironment HardeningLibraries or FrameworksExecute Unauthorized Code or Commands (impact)Other (impact)DoS: Resource Consumption (CPU) (impact)Bypass Protection Mechanism (impact)DoS: Crash, Exit, or Restart (impact)DoS: Resource Consumption (Memory) (impact)Modify Memory (impact)
As Seen In-
Not Available
CWE-128
Wrap-around Error
ShareView Details
Wrap-around Error
Likelihood of Exploit-Medium
Mapping-Allowed
Abstraction-Base
Found in2CVEs

Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.

Impacts-
DoS: Resource Consumption (CPU)Modify MemoryDoS: InstabilityBypass Protection MechanismDoS: Crash, Exit, or RestartExecute Unauthorized Code or CommandsDoS: Resource Consumption (Memory)
Tags-
Medium exploitExecute Unauthorized Code or Commands (impact)DoS: Resource Consumption (CPU) (impact)Bypass Protection Mechanism (impact)DoS: Crash, Exit, or Restart (impact)DoS: Resource Consumption (Memory) (impact)DoS: Instability (impact)Modify Memory (impact)
As Seen In-
Not Available
CWE-190
Integer Overflow or Wraparound
ShareView Details
Integer Overflow or Wraparound
Likelihood of Exploit-Medium
Mapping-Allowed
Abstraction-Base
Found in3099CVEs

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Impacts-
DoS: Resource Consumption (CPU)Modify MemoryAlter Execution LogicDoS: InstabilityBypass Protection MechanismDoS: Crash, Exit, or RestartExecute Unauthorized Code or CommandsDoS: Resource Consumption (Memory)
Tags-
Medium exploitLibraries or FrameworksInput ValidationCompilation or Build HardeningLanguage SelectionExecute Unauthorized Code or Commands (impact)DoS: Resource Consumption (CPU) (impact)Bypass Protection Mechanism (impact)DoS: Crash, Exit, or Restart (impact)DoS: Resource Consumption (Memory) (impact)DoS: Instability (impact)Alter Execution Logic (impact)Modify Memory (impact)
As Seen In-
2019 CWE Top 25 Most Dangerous Software Errors2021 CWE Top 25 Most Dangerous Software2020 CWE Top 25 Most Dangerous Software2022 CWE Top 25 Most Dangerous Software2023 CWE Top 25 Most Dangerous Software2024 CWE Top 25 Most Dangerous SoftwareCWE Cross-section
CWE-196
Unsigned to Signed Conversion Error
ShareView Details
Unsigned to Signed Conversion Error
Likelihood of Exploit-Medium
Mapping-Allowed
Abstraction-Variant
Found in5CVEs

The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.

Impacts-
DoS: Crash, Exit, or RestartExecute Unauthorized Code or CommandsBypass Protection MechanismModify Memory
Tags-
Medium exploitExecute Unauthorized Code or Commands (impact)Bypass Protection Mechanism (impact)DoS: Crash, Exit, or Restart (impact)Modify Memory (impact)
As Seen In-
Not Available
CWE-680
Integer Overflow to Buffer Overflow
ShareView Details
Integer Overflow to Buffer Overflow
Likelihood of Exploit-Not Available
Mapping-Discouraged
Abstraction-Compound
Found in103CVEs

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

Impacts-
DoS: Crash, Exit, or RestartExecute Unauthorized Code or CommandsModify Memory
Tags-
Execute Unauthorized Code or Commands (impact)DoS: Crash, Exit, or Restart (impact)Modify Memory (impact)
As Seen In-
Not Available
CWE-697
Incorrect Comparison
ShareView Details
Incorrect Comparison
Likelihood of Exploit-Not Available
Mapping-Discouraged
Abstraction-Pillar
Found in145CVEs

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Impacts-
Varies by Context
Tags-
Varies by Context (impact)
As Seen In-
Research ConceptsSimplified Mapping of Published Vulnerabilities