CWE-SANS-Top-25/Risky-resource-management/CWE-120
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Description
A buffer overflow consists of exploiting an improperly controlled field or variable so that the data written to it exceeds its maximum capacity. It is a well-known problem in the C language.
Risk measurement
Factor | Rating |
---|---|
Weakness Prevalence | High |
Remediation Cost | Low |
Attack Frequency | Often |
Consequences | Code execution, Denial of service, Data loss |
Ease of Detection | Easy |
Attacker Awareness | High |