logo

CWE-131 - Incorrect Calculation of Buffer Size

CWE-131 High

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Incorrect Calculation of Buffer Size

Description

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

Common Consequences

Scope: Integrity, Availability, Confidentiality

Impact: DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Read Memory, Modify Memory

Notes: If the incorrect calculation is used in the context of memory allocation, then the software may create a buffer that is smaller or larger than expected. If the allocated buffer is smaller than expected, this could lead to an out-of-bounds read or write (CWE-119), possibly causing a crash, allowing arbitrary code execution, or exposing sensitive data.

Related Weaknesses

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferHigh

CWE-682Incorrect CalculationHigh

  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website