DerScanner
Home / Vulnerability Database / C or C++ : Tainted buffer overflow
C/C++

C or C++ : Tainted buffer overflow

Classification

OWASP ASVS
ConfigurationValidation, Sanitization and Encoding
PCI DSS 4.0
6.2.4
CWE
CWE-119CWE-120CWE-121CWE-122CWE-125CWE-787
CWE/SANS Top 25 2011
CWE-120
CWE/SANS Top 25 2021
CWE-119CWE-125CWE-787

Overview

An argument obtained from an unreliable source is used for writing to the buffer. This may lead to a buffer overflow. An attacker is able to overrun the buffer’s boundary and execute an arbitrary code or perform a DoS attack on the system.

References

  1. Buffer overflow
  2. Buffer Overflow Attack Explained with a C Program Example
  3. CWE-120
  4. CWE-121
  5. CWE-122
MEDIUM

DerScanner Severity Score

Do you want to fix C or C++ : Tainted buffer overflow in your application?

See also

C/C++

C or C++ : Dead store

C/C++

C or C++ : Use after free

C/C++

C or C++ : va_list uninitialized