- What is CWE-121?
- A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- What CVEs are caused by CWE-121?
- 3,247 recorded CVEs are attributed to CWE-121, including CVE-2022-20699, CVE-2022-20700, CVE-2022-20701. 18 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- How do you prevent CWE-121?
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- How is CWE-121 detected?
- Fuzzing: Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.
- What are the consequences of CWE-121?
- Exploiting CWE-121 can lead to: Modify Memory, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), Execute Unauthorized Code or Commands, Bypass Protection Mechanism.
- Is CWE-121 actively exploited?
- Yes. 18 CWE-121 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 3,247 recorded CVEs.