CWE Individual Dictionary Definition (1.6)

CWE-131: Incorrect Calculation of Buffer Size

 
Weakness ID: 131 (Weakness Base)
Status: Draft
+ Description

Description Summary

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

C

C++

+ Observed Examples
Reference | Description
CVE-2004-1363 | substitution overflow: buffer overflow using environment variables that are expanded after the length check is performed
CVE-2004-0747 | substitution overflow: buffer overflow using expansion of environment variables
CVE-2005-2103 | substitution overflow: buffer overflow using a large number of substitution strings
CVE-2005-3120 | transformation overflow: product adds extra escape characters to incoming data, but does not account for them in the buffer length
CVE-2003-0899 | transformation overflow: buffer overflow when expanding ">" to "&gt;", etc.
CVE-2001-0334 | expansion overflow: buffer overflow using wildcards
CVE-2001-0248 | expansion overflow: long pathname + glob = overflow
CVE-2001-0249 | expansion overflow: long pathname + glob = overflow
CVE-2002-0184 | special characters in argument are not properly expanded
CVE-2004-0434 | small length value leads to heap overflow
CVE-2002-1347 | multiple variants
CVE-2005-0490 | needs closer investigation, but probably expansion-based
CVE-2004-0940 | needs closer investigation, but probably expansion-based
+ Potential Mitigations
Phase | Description

Check the parameter types of your allocation function and the size of the memory unit.

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
CanPrecede | Weakness Class | 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | Development Concepts (699); Research Concepts (1000)
ChildOf | Weakness Class | 682 | Incorrect Calculation | Development Concepts (primary) (699); Research Concepts (primary) (1000)
ChildOf | Category | 742 | CERT C Secure Coding Section 08 - Memory Management (MEM) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) (734)
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | Other length calculation error
CERT C Secure Coding | MEM35-C | | Allocate sufficient memory for an object
+ Maintenance Notes

This is a broad category. Some examples include: (1) simple math errors, (2) incorrectly updating parallel counters, (3) not accounting for size differences when "transforming" one input to another format (e.g. URL canonicalization or other transformation that can generate a result that's larger than the original input, i.e. "expansion").

This level of detail is rarely available in public reports, so it is difficult to find good examples.
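
The "transformation" case from item (3), using the ">" to "&gt;" expansion named in the Observed Examples, is shown below as an added example; it is not part of the CWE entry. The function names (naive_size, escaped_size, html_escape) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Flawed sizing (CWE-131): assumes the output is no longer than the input. */
size_t naive_size(const char *in) {
    return strlen(in) + 1;
}

/* Replacement text and output length for one input byte. */
static size_t expansion(char c, const char **rep) {
    switch (c) {
    case '<': *rep = "&lt;";  return 4;
    case '>': *rep = "&gt;";  return 4;
    case '&': *rep = "&amp;"; return 5;
    default:  *rep = NULL;    return 1;
    }
}

/* Correct sizing: sum the expanded length of every byte plus the NUL,
 * and refuse if the total would wrap past SIZE_MAX. Returns 0 on success. */
int escaped_size(const char *in, size_t *out) {
    size_t total = 1;                       /* terminating NUL */
    const char *rep;
    for (; *in; in++) {
        size_t n = expansion(*in, &rep);
        if (total > SIZE_MAX - n) return -1;
        total += n;
    }
    *out = total;
    return 0;
}

/* Allocate from the computed size, then copy using the same table, so the
 * size calculation and the write loop cannot drift apart. Caller frees. */
char *html_escape(const char *in) {
    size_t need, pos = 0;
    const char *rep;
    if (escaped_size(in, &need) != 0) return NULL;
    char *buf = malloc(need);
    if (!buf) return NULL;
    for (; *in; in++) {
        size_t n = expansion(*in, &rep);
        if (rep) memcpy(buf + pos, rep, n); else buf[pos] = *in;
        pos += n;
    }
    buf[pos] = '\0';
    return buf;
}
```

For the input "a>b", naive_size reports 4 bytes while the escaped output needs 7; a buffer sized by the first and filled by the escaping loop is written 3 bytes past its end.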

+ Content History
Submissions
Submission Date | Submitter | Organization | Source
 | PLOVER | | Externally Mined

Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
    updated Potential Mitigations, Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
    updated Applicable Platforms, Maintenance Notes, Relationships, Taxonomy Mappings, Type
2008-10-14 | CWE Content Team | MITRE | Internal
    updated Relationships
2008-11-24 | CWE Content Team | MITRE | Internal
    updated Relationships, Taxonomy Mappings
Page Last Updated: October 29, 2009