C or C++ : Tainted buffer underflow

Classification

OWASP ASVS

Configuration Validation, Sanitization and Encoding

PCI DSS 4.0

6.2.4

CWE

CWE-119 CWE-124 CWE-787

CWE/SANS Top 25 2021

CWE-119 CWE-787

Overview

An argument obtained from an unreliable source is used for writing to the buffer. This may lead to a buffer underflow. An attacker is able to overrun the buffer’s boundary and execute an arbitrary code or perform a DoS attack on the system.

References

CWE-124: Buffer Underwrite (‘Buffer Underflow’)

MEDIUM

C or C++ : Tainted buffer underflow

Classification

Overview

References

DerScanner Severity Score

Do you want to fix C or C++ : Tainted buffer underflow in your application?

See also

C or C++ : Dead store

C or C++ : Use after free

C or C++ : va_list uninitialized