CWE - CWE-788: Access of Memory Location After End of Buffer (2.1)

Home > CWE List > CWE- Individual Dictionary Definition (2.1)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS
CWRAF
T-Shirt

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Coverage Claims Representation
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-788: Access of Memory Location After End of Buffer

Access of Memory Location After End of Buffer

Weakness ID: 788 (Weakness Base)

Status: Incomplete

Description

Description Summary

The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.

Extended Description

This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used. These problems may be resultant from missing sentinel values (CWE-463) or trusting a user-influenced input length variable.

Common Consequences

Scope	Effect
Confidentiality Integrity Availability	Technical Impact: Read memory; Modify memory; DoS: crash / exit / restart; Execute unauthorized code or commands

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Weakness Class	119	Improper Restriction of Operations within the Bounds of a Memory Buffer	Development Concepts (primary)699 Research Concepts (primary)1000
ParentOf	Weakness Variant	121	Stack-based Buffer Overflow	Development Concepts (primary)699 Research Concepts (primary)1000
ParentOf	Weakness Variant	122	Heap-based Buffer Overflow	Development Concepts (primary)699 Research Concepts (primary)1000
ParentOf	Weakness Variant	126	Buffer Over-read	Development Concepts (primary)699 Research Concepts (primary)1000

Content History

Submissions
Submission Date	Submitter	Organization	Source
2009-10-21		MITRE	Internal CWE Team
2009-10-21
Modifications
Modification Date	Modifier	Organization	Source
2011-06-01	CWE Content Team	MITRE	Internal
2011-06-01	updated Common_Consequences

Page Last Updated: September 12, 2011


	CWE is a Software Assurance strategic initiative co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2012, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us