The Out-of-bounds Write is a software security vulnerability that occuers when the data is written beyond the boundaries (i.e. past the end, before the beginning) of the intended buffer. This weakness is also listed in the CWE TOP 25 (2021). This has been give the CWE ID as CWE-787
-
This vulnerability could result into buffer overflows, memory corruption, crash of the software or even a code execution. As per the cwe.mitre.org, The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
-
An alternate term of this weakness is Memory Corruption. CWE website defines memory corruption as, The generic term "memory corruption" is often used to describe the consequences of writing to memory outside the bounds of a buffer, or to memory that is invalid, when the root cause is something other than a sequential copy of excessive data from a fixed starting location. This may include issues such as incorrect pointer arithmetic, accessing invalid pointers due to incomplete initialization or memory release, etc.
-
This weakness is usually introduced while the implementation phase of the software. This type of attacks are majorly observed in softwares based on C and C++ programming languages.
- The following is an example of code that may result in a buffer underwrite, if find() returns a negative value to indicate that ch is not found in srcBuf:
(bad code)
Example Language: C
int main() {
...
strncpy(destBuf, &srcBuf[find(srcBuf, ch)], 1024);
...
}
-
If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition.
-
This vulnerability can be detected using the manual and automated static as well as dynamic analysis using fuzzing techniques.