
CWE-124 (Buffer Underflow) — Vulnerability Class 32

32 vulnerabilities classified as CWE-124 (Buffer Underflow). AI Chinese analysis included.

CWE-124, known as Buffer Underwrite or Buffer Underflow, is a critical memory safety weakness where software writes data to a memory location preceding the intended buffer’s start. This occurs when an index or pointer is incorrectly calculated, often due to signed integer underflows or improper boundary checks, causing the write operation to overwrite adjacent memory structures. Attackers typically exploit this vulnerability to corrupt critical data, such as function return addresses or security metadata, potentially leading to arbitrary code execution or system crashes. To prevent such issues, developers must implement rigorous bounds checking, utilize static analysis tools to detect pointer arithmetic errors, and adopt safe programming languages or libraries that enforce memory safety. Additionally, employing compiler protections like stack canaries and address space layout randomization can mitigate the impact of underflow attempts, ensuring that memory access remains strictly within allocated boundaries.

MITRE CWE Description
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
Common Consequences (3)
Scope: Integrity, Availability
Impact: Modify Memory; DoS: Crash, Exit, or Restart
Note: Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash.

Scope: Integrity, Confidentiality, Availability, Access Control, Other
Impact: Execute Unauthorized Code or Commands; Modify Memory; Bypass Protection Mechanism; Other
Note: If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code. If the corrupted memory is data rather than instructions, the system will continue to function with improper changes, possibly in violation of an implicit or explicit policy. The consequences would o…

Scope: Access Control, Other
Impact: Bypass Protection Mechanism; Other
Note: When the consequence is arbitrary code execution, this can often be used to subvert any other security service.
Mitigations (2)
Phase: Requirements. Choose a language that is not susceptible to these issues.
Phase: Implementation. All calculated values that are used as an index or for pointer arithmetic should be validated to ensure that they are within an expected range.
Examples (2)
In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.
#include <ctype.h>
#include <stdlib.h>

char* trimTrailingWhitespace(char *strMessage, int length) {
    char *retMessage;

    // copy input string to a temporary heap string
    char *message = malloc(sizeof(char)*(length+1));
    int index;
    for (index = 0; index < length; index++) {
        message[index] = strMessage[index];
    }
    message[index] = '\0';

    // trim trailing whitespace: len is decremented without ever being
    // checked against 0, so an all-whitespace (or empty) input keeps
    // writing NUL bytes before message[0] (the CWE-124 defect)
    int len = index-1;
    while (isspace(message[len])) {
        message[len] = '\0';
        len--;
    }

    // return string without trailing whitespace
    retMessage = message;
    return retMessage;
}
Bad · C
The following is an example of code that may result in a buffer underwrite. This code is attempting to replace the substring "Replace Me" in destBuf with the string stored in srcBuf. It does so by using the function strstr(), which returns a pointer to the found substring in destBuf. Using pointer arithmetic, the starting index of the substring is found.
int main() {
    ...
    // strstr() returns NULL when "Replace Me" is absent; the index computed
    // from a NULL result then points far outside destBuf
    char *result = strstr(destBuf, "Replace Me");
    int idx = result - destBuf;
    strcpy(&destBuf[idx], srcBuf);
    ...
}
Bad · C
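The two examples above both fail the Implementation-phase mitigation: the trim loop never checks that its index is still at or above 0, and the substitution never checks that strstr() actually found anything before turning its result into an index. The block below is an added example written for this page, not MITRE's or the listed vendors' code; it shows hardened counterparts of both routines under the assumed names trim_trailing_whitespace_safe and replace_substring_safe, with constructed inputs (an all-whitespace string, a buffer without the pattern, a replacement that does not fit) that exercise exactly the cases the original code mishandles.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hardened trim (hypothetical name): the index is checked against 0 before
 * every access, so an input consisting only of whitespace, or an empty
 * input, can never move the write position below message[0].
 * Returns a malloc'd copy the caller frees, or NULL on allocation failure. */
char *trim_trailing_whitespace_safe(const char *str_message, size_t length)
{
    char *message = malloc(length + 1);
    if (message == NULL)
        return NULL;
    memcpy(message, str_message, length);
    message[length] = '\0';

    /* Walk backward only while len - 1 is still a valid index. */
    size_t len = length;
    while (len > 0 && isspace((unsigned char)message[len - 1])) {
        message[len - 1] = '\0';
        len--;
    }
    return message;
}

/* Hardened substitution (hypothetical name): strstr() returns NULL when the
 * pattern is absent, and pointer arithmetic on NULL yields a meaningless
 * index, so the result is checked first. The replacement is written only if
 * it fits in the space remaining after the match. Returns 0 on success and
 * -1 when nothing was written. */
int replace_substring_safe(char *dest_buf, size_t dest_size,
                           const char *pattern, const char *src_buf)
{
    char *result = strstr(dest_buf, pattern);
    if (result == NULL)
        return -1;                              /* pattern not found */
    size_t idx = (size_t)(result - dest_buf);   /* inside dest_buf by construction */
    size_t src_len = strlen(src_buf);
    if (src_len + 1 > dest_size - idx)
        return -1;                              /* replacement would overflow */
    memcpy(&dest_buf[idx], src_buf, src_len + 1);   /* same semantics as strcpy */
    return 0;
}

int main(void)
{
    /* Constructed inputs: "   " is the case that drives the page's original
     * trim loop below index 0; "" is the empty-input edge case. */
    const char *inputs[] = { "hello   ", "   ", "" };
    for (size_t i = 0; i < 3; i++) {
        char *t = trim_trailing_whitespace_safe(inputs[i], strlen(inputs[i]));
        printf("trim [%s] -> [%s]\n", inputs[i], t ? t : "(alloc failed)");
        free(t);
    }

    char dest[32] = "Please Replace Me now";          /* constructed */
    int rc = replace_substring_safe(dest, sizeof dest, "Replace Me", "fixed");
    printf("replace: rc=%d -> [%s]\n", rc, dest);

    char missing[32] = "no pattern here";             /* constructed */
    rc = replace_substring_safe(missing, sizeof missing, "Replace Me", "fixed");
    printf("missing pattern: rc=%d -> [%s]\n", rc, missing);
    return 0;
}
```

Both functions treat "nothing to do" as a result to report rather than an index to compute, which is the practical form of the validate-every-calculated-index mitigation listed above: the caller gets a NULL or -1 it can log or handle, and no write ever happens outside the buffer.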
CVE ID          Title                                              CVSS  Severity  Published
CVE-2018-15361  UltraVNC Buffer Error Vulnerability — UltraVNC     9.8   -         2019-03-05
CVE-2018-5388   strongSwan Buffer Error Vulnerability — strongSwan 6.5   -         2018-05-31

Vulnerabilities classified as CWE-124 (Buffer Underflow) represent 32 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.