CWE - CWE-131: Incorrect Calculation of Buffer Size (1.0.1)

Home > CWE List > CWE- Individual Dictionary Definition (1.0.1)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-131: Incorrect Calculation of Buffer Size

Individual Definition in a New Window

Incorrect Calculation of Buffer Size

Status: Draft

Weakness ID: 131 (Weakness Base)

Description

Summary

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

Potential Mitigations

Check the parameter types of your allocation function and the size of the memory unit.

Observed Examples

Reference	Description
CVE-2001-0248	expansion overflow: long pathname + glob = overflow
CVE-2001-0249	expansion overflow: long pathname + glob = overflow
CVE-2001-0334	expansion overflow: buffer overflow using wildcards
CVE-2002-0184	special characters in argument are not properly expanded
CVE-2002-1347	multiple variants
CVE-2003-0899	transformation overflow: buffer overflow when expanding ">" to ">", etc.
CVE-2004-0434	small length value leads to heap overflow
CVE-2004-0747	substitution overflow: buffer overflow using expansion of environment variables
CVE-2004-0940	needs closer investigation, but probably expansion-based
CVE-2004-1363	substitution overflow: buffer overflow using environment variables that are expanded after the length check is performed
CVE-2005-0490	needs closer investigation, but probably expansion-based
CVE-2005-2103	substitution overflow: buffer overflow using a large number of substitution strings
CVE-2005-3120	transformation overflow: product adds extra escape characters to incoming data, but does not account for them in the buffer length

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Weakness Class	682	Incorrect Calculation	Development Concepts (primary)699 Research Concepts (primary)1000
CanPrecede	Weakness Class	119	Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer	Development Concepts699 Research Concepts1000

Taxonomy Mappings

Mapped Taxonomy Name	Mapped Node Name
PLOVER	Other length calculation error

Applicable Platforms

Languages

C++

Time of Introduction

Implementation

Related Attack Patterns

CAPEC-ID	(CAPEC Version 1.1)Attack Pattern Name
47	Buffer Overflow via Parameter Expansion

Maintenance Notes

This is a broad category. Some examples include: (1) simple math errors, (2) incorrectly updating parallel counters, (3) not accounting for size differences when "transforming" one input to another format (e.g. URL canonicalization or other transformation that can generate a result that's larger than the original input, i.e. "expansion").

This level of detail is rarely available in public reports, so it is difficult to find good examples.

Content History

Submissions

PLOVER. (Externally Mined)

Modifications

Eric Dalci. Cigital. 2008-07-01. (External)

updated Potential_Mitigations, Time_of_Introduction

CWE Content Team. MITRE. 2008-09-08. (Internal)

updated Applicable_Platforms, Maintenance_Notes, Relationships, Taxonomy_Mappings, Type

CWE Content Team. MITRE. 2008-10-14. (Internal)

updated Relationships

Previous Entry Names

Other Length Calculation Error (changed 2008-01-30)

Page Last Updated: October 16, 2008


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us