CWE-124: Buffer Underwrite ('Buffer Underflow') (buffer underrun)

CWE-124: Buffer Underwrite ('Buffer Underflow') (buffer underrun) | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.

Vulnerable example

char* trimTrailingWhitespace(char *strMessage, int length) {

However, this function can cause a buffer underwrite if the input character string contains all whitespace. On some systems the while statement will move backwards past the beginning of a character string and will call the isspace() function on an address outside of the bounds of the local buffer.

The following is an example of code that may result in a buffer underwrite. This code is attempting to replace the substring "Replace Me" in destBuf with the string stored in srcBuf. It does so by using the function strstr(), which returns a pointer to the found substring in destBuf. Using pointer arithmetic, the starting index of the substring is found.

Vulnerable example

int main() {

In the case where the substring is not found in destBuf, strstr() will return NULL, causing the pointer arithmetic to be undefined, potentially setting the value of idx to a negative number. If idx is negative, this will result in a buffer underwrite of destBuf.

CWE-124: Buffer Underwrite ('Buffer Underflow')

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Automated Dynamic Analysis

Code examples

Illustrative examples

Terminology & mappings

Alternate terms

Mapped taxonomies

Frequently asked questions

What is CWE-124?

What CVEs are caused by CWE-124?

How do you prevent CWE-124?

How is CWE-124 detected?

What are the consequences of CWE-124?

Is CWE-124 actively exploited?

References

Stay ahead of CWE-124

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Automated Dynamic Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Related

Terminology & mappings

Alternate terms

Mapped taxonomies

Frequently asked questions

What is CWE-124?

What CVEs are caused by CWE-124?

How do you prevent CWE-124?

How is CWE-124 detected?

What are the consequences of CWE-124?

Is CWE-124 actively exploited?

References

Stay ahead of CWE-124