
CWE-131 (Incorrect Calculation of Buffer Size) — Vulnerability Class 82

82 vulnerabilities classified as CWE-131 (Incorrect Calculation of Buffer Size). AI Chinese analysis included.

CWE-131 represents a critical logic error where software fails to accurately determine the necessary memory allocation size for a buffer. This miscalculation typically stems from using incorrect data types, ignoring header overhead, or neglecting null terminators during size computations. Attackers exploit this vulnerability by crafting inputs that exceed the allocated memory space, triggering a buffer overflow. This overflow allows malicious actors to overwrite adjacent memory, potentially executing arbitrary code, crashing the application, or gaining unauthorized system access. To prevent such exploits, developers must rigorously validate input lengths and employ safe, bounds-checking functions like strncpy or snprintf instead of unsafe alternatives. Additionally, utilizing static analysis tools and conducting thorough code reviews can help identify arithmetic errors in memory allocation logic before deployment, ensuring that buffer sizes accurately reflect the actual data requirements.

MITRE CWE Description
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
Common Consequences (1)
Integrity, Availability, Confidentiality · DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands; Read Memory; Modify Memory
If the incorrect calculation is used in the context of memory allocation, then the software may create a buffer that is smaller or larger than expected. If the allocated buffer is smaller than expected, this could lead to an out-of-bounds read or write (CWE-119), possibly causing a crash, allowing a…
Mitigations (5)
Implementation: When allocating a buffer for the purpose of transforming, converting, or encoding an input, allocate enough memory to handle the largest possible encoding. For example, in a routine that converts "&" characters to "&amp;" for HTML entity encoding, the output buffer needs to be at least 5 times as large as the input buffer.
Implementation: Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]…
Implementation: Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
Architecture and Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Implementation: When processing structured incoming data containing a size field followed by raw data, identify and resolve any inconsistencies between the size field and the actual size of the data (CWE-130).
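The first mitigation's sizing rule, worked through for the "&" to "&amp;" conversion. This is an added example, not code from MITRE or from this page; the names `encoded_capacity` and `encode_ampersands` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AMP_EXPANSION 5   /* one '&' byte becomes the five bytes "&amp;" */

/* Worst-case output size for in_len input bytes, including the NUL
 * terminator. Returns 0 if the multiplication would wrap past SIZE_MAX. */
size_t encoded_capacity(size_t in_len)
{
    if (in_len > (SIZE_MAX - 1) / AMP_EXPANSION)
        return 0;
    return in_len * AMP_EXPANSION + 1;
}

/* Returns a heap copy of `in` with every '&' replaced by "&amp;",
 * or NULL on overflow or allocation failure. The caller frees it. */
char *encode_ampersands(const char *in)
{
    size_t cap = encoded_capacity(strlen(in));
    char *out = cap ? malloc(cap) : NULL;
    if (out == NULL)
        return NULL;

    size_t o = 0;
    for (const char *p = in; *p != '\0'; p++) {
        if (*p == '&') {
            memcpy(out + o, "&amp;", AMP_EXPANSION);
            o += AMP_EXPANSION;
        } else {
            out[o++] = *p;
        }
    }
    out[o] = '\0';   /* o <= in_len * 5, so this index is below cap */
    return out;
}

int main(void)
{
    char *e = encode_ampersands("&&&&");   /* constructed worst-case input */
    printf("%s (capacity %zu)\n", e ? e : "(null)", encoded_capacity(4));
    free(e);
    return 0;
}
```

Sizing the buffer as `strlen(in) + 1` instead would be overrun by the first "&" in the input.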
Examples (2)
The following code allocates memory for a maximum number of widgets. It then gets a user-specified number of widgets, making sure that the user does not request too many. It then initializes the elements of the array using InitializeWidget(). Because the number of widgets can vary for each request, the code inserts a NULL pointer to signify the location of the last widget.
```c
int i;
unsigned int numWidgets;
Widget **WidgetList;

numWidgets = GetUntrustedSizeValue();
if ((numWidgets == 0) || (numWidgets > MAX_NUM_WIDGETS)) {
    ExitError("Incorrect number of widgets requested!");
}
/* room for numWidgets pointers only */
WidgetList = (Widget **)malloc(numWidgets * sizeof(Widget *));
printf("WidgetList ptr=%p\n", WidgetList);
for(i=0; i<numWidgets; i++) {
    WidgetList[i] = InitializeWidget();
}
/* index numWidgets is one element past the end of the allocation */
WidgetList[numWidgets] = NULL;
showWidgets(WidgetList);
```
Bad · C
The following image processing code allocates a table for images.
```c
img_t *table_ptr; /*struct containing img data, 10kB each*/
int num_imgs;
...
num_imgs = get_num_imgs();
/* the product is not checked for overflow before it reaches malloc() */
table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);
...
```
Bad · C
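Corrected forms of the two examples above, sharing one overflow-checked size calculation. This is an added example, not code from MITRE or from this page; `checked_array_bytes`, `alloc_widget_list`, `alloc_img_table`, the `Widget` stand-in and the value of `MAX_NUM_WIDGETS` are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_NUM_WIDGETS 12          /* assumed limit; the page gives no value */
typedef struct { int id; } Widget;  /* stand-in for the page's Widget type */

/* Bytes for `count` elements plus `extra` trailing slots, or 0 if the
 * addition or the multiplication would wrap past SIZE_MAX. */
size_t checked_array_bytes(size_t count, size_t extra, size_t elem_size)
{
    if (elem_size == 0 || count > SIZE_MAX - extra)
        return 0;
    if (count + extra > SIZE_MAX / elem_size)
        return 0;
    return (count + extra) * elem_size;
}

/* First example, corrected: numWidgets pointers plus one slot for the NULL. */
Widget **alloc_widget_list(unsigned int numWidgets)
{
    if (numWidgets == 0 || numWidgets > MAX_NUM_WIDGETS)
        return NULL;
    size_t bytes = checked_array_bytes(numWidgets, 1, sizeof(Widget *));
    Widget **list = bytes ? calloc(1, bytes) : NULL;
    if (list == NULL)
        return NULL;
    for (unsigned int i = 0; i < numWidgets; i++)
        list[i] = calloc(1, sizeof(Widget)); /* stands in for InitializeWidget() */
    list[numWidgets] = NULL;                 /* sentinel is inside the buffer */
    return list;
}

/* Second example, corrected: reject a negative count and a wrapping product. */
void *alloc_img_table(int num_imgs, size_t img_size)
{
    if (num_imgs <= 0)
        return NULL;
    size_t bytes = checked_array_bytes((size_t)num_imgs, 0, img_size);
    return bytes ? malloc(bytes) : NULL;
}

int main(void)
{
    printf("%zu\n", checked_array_bytes(3, 1, sizeof(Widget *)));
    printf("%zu\n", checked_array_bytes(SIZE_MAX / 4, 0, 10240));
    return 0;
}
```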
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-21824 | Accusoft ImageGear buffer error vulnerability — Accusoft | 8.8 | - | 2021-06-11 |
| CVE-2021-3491 | Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass — Linux kernel | 7.8 | High | 2021-06-04 |
| CVE-2021-29521 | Segfault in SparseCountSparseOutput — tensorflow | 2.5 | Low | 2021-05-14 |
| CVE-2021-29608 | Heap OOB and null pointer dereference in `RaggedTensorToTensor` — tensorflow | 5.3 | Medium | 2021-05-14 |
| CVE-2021-29529 | Heap buffer overflow caused by rounding — tensorflow | 2.5 | Low | 2021-05-14 |
| CVE-2021-29535 | Heap buffer overflow in `QuantizedMul` — tensorflow | 2.5 | Low | 2021-05-14 |
| CVE-2021-29536 | Heap buffer overflow in `QuantizedReshape` — tensorflow | 2.5 | Low | 2021-05-14 |
| CVE-2021-29537 | Heap buffer overflow in `QuantizedResizeBilinear` — tensorflow | 2.5 | Low | 2021-05-14 |
| CVE-2021-29542 | Heap buffer overflow in `StringNGrams` — tensorflow | 2.5 | Low | 2021-05-14 |
| CVE-2021-29545 | Heap buffer overflow in `SparseTensorToCSRSparseMatrix` — tensorflow | 2.5 | Low | 2021-05-14 |
| CVE-2021-0254 | Junos OS: Remote code execution vulnerability in overlayd service — Junos OS | 9.8 | Critical | 2021-04-22 |
| CVE-2021-21782 | Accusoft ImageGear buffer error vulnerability — Accusoft | 8.8 | - | 2021-03-31 |
| CVE-2021-21776 | Accusoft ImageGear buffer error vulnerability — Accusoft | 8.8 | - | 2021-03-31 |
| CVE-2021-21773 | Accusoft ImageGear code issue vulnerability — Accusoft | 8.8 | - | 2021-03-31 |
| CVE-2020-13585 | Accusoft ImageGear buffer error vulnerability — Accusoft | 8.8 | - | 2021-02-10 |
| CVE-2020-1680 | Junos OS: MX Series: MS-MPC/MIC might crash when processing malformed IPv6 packet in NAT64 configuration. — Junos OS | 5.3 | Medium | 2020-10-16 |
| CVE-2020-6106 | F2fs.Fsck buffer error vulnerability — F2fs-Tools | 5.5 | - | 2020-10-15 |
| CVE-2020-6108 | F2fs.Fsck buffer error vulnerability — F2fs-Tools | 7.8 | - | 2020-10-15 |
| CVE-2020-14385 | Linux kernel code issue vulnerability — kernel | 5.5 | Medium | 2020-09-15 |
| CVE-2019-19282 | Siemens SIMATIC PCS 7 and SIMATIC WinCC input validation error vulnerability — OpenPCS 7 V8.1 | 7.5 | High | 2020-03-10 |
| CVE-2019-5435 | Haxx libcurl input validation error vulnerability — curl | 7.4 | - | 2019-05-28 |
| CVE-2018-14618 | Haxx curl input validation error vulnerability — curl | 9.8 | - | 2018-09-05 |

82 CVEs are classified as CWE-131 (Incorrect Calculation of Buffer Size). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.