The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

What CVEs are caused by CWE-124?

34 recorded CVEs are attributed to CWE-124, including CVE-2015-2426, CVE-2026-44631, CVE-2023-25610. 1 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

How do you prevent CWE-124?

Choose a language that is not susceptible to these issues.

How is CWE-124 detected?

Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

What are the consequences of CWE-124?

Exploiting CWE-124 can lead to: Modify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Other.

Is CWE-124 actively exploited?

Yes. 1 CWE-124 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 34 recorded CVEs.

CWE-124: Buffer Underwrite ('Buffer Underflow') (buffer underrun)

Real-world CVEs

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.

Vulnerable example

char* trimTrailingWhitespace(char *strMessage, int length) {

However, this function can cause a buffer underwrite if the input character string contains all whitespace. On some systems the while statement will move backwards past the beginning of a character string and will call the isspace() function on an address outside of the bounds of the local buffer.

The following is an example of code that may result in a buffer underwrite. This code is attempting to replace the substring "Replace Me" in destBuf with the string stored in srcBuf. It does so by using the function strstr(), which returns a pointer to the found substring in destBuf. Using pointer arithmetic, the starting index of the substring is found.

Vulnerable example

int main() {

In the case where the substring is not found in destBuf, strstr() will return NULL, causing the pointer arithmetic to be undefined, potentially setting the value of idx to a negative number. If idx is negative, this will result in a buffer underwrite of destBuf.

Real-world CVEs

CWE-124: Buffer Underwrite ('Buffer Underflow')

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Automated Dynamic Analysis

Code examples

Illustrative examples

Terminology & mappings

Alternate terms

Mapped taxonomies

Frequently asked questions

What is CWE-124?

What CVEs are caused by CWE-124?

How do you prevent CWE-124?

How is CWE-124 detected?

What are the consequences of CWE-124?

Is CWE-124 actively exploited?

References

Stay ahead of CWE-124

Real-world CVEs

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Automated Dynamic Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Related

Terminology & mappings

Alternate terms

Mapped taxonomies

Frequently asked questions

What is CWE-124?

What CVEs are caused by CWE-124?

How do you prevent CWE-124?

How is CWE-124 detected?

What are the consequences of CWE-124?

Is CWE-124 actively exploited?

References

Stay ahead of CWE-124