Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-680 (整数溢出导致缓冲区溢出) — Vulnerability Class 85

85 vulnerabilities classified as CWE-680 (整数溢出导致缓冲区溢出). AI Chinese analysis included.

CWE-680 is a critical logic flaw where an arithmetic calculation intended to determine buffer size results in an integer overflow, causing the system to allocate insufficient memory. Attackers typically exploit this vulnerability by manipulating input values to trigger the overflow, resulting in a smaller allocation than required for the actual data size. When the application subsequently copies the full-sized data into this undersized buffer, it overwrites adjacent memory, potentially allowing arbitrary code execution or system compromise. To prevent this, developers must implement robust input validation to ensure values remain within safe bounds before performing arithmetic operations. Additionally, using safe libraries that detect overflow conditions, employing larger data types for intermediate calculations, and utilizing static analysis tools can effectively identify and mitigate these dangerous logic errors during the development lifecycle.

MITRE CWE Description
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
Common Consequences (1)
Integrity, Availability, ConfidentialityModify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands
Examples (1)
The following image processing code allocates a table for images.
img_t table_ptr; /*struct containing img data, 10kB each*/ int num_imgs; ... num_imgs = get_num_imgs(); table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs); ...
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2022-25705 Integer Overflow to Buffer Overflow in Modem — Snapdragon 7.8 High2023-03-07
CVE-2022-33248 Integer overflow to buffer overflow in User Identity Module — Snapdragon 7.8 High2023-02-09
CVE-2022-35289 Facebook Hermes 输入验证错误漏洞 — Hermes 9.8 -2022-10-11
CVE-2022-32543 ESTsoft Alyac 输入验证错误漏洞 — Alyac 7.8 -2022-08-05
CVE-2022-29886 ESTsoft Alyac 输入验证错误漏洞 — Alyac 7.8 -2022-08-05
CVE-2022-29030 Siemens JT2GO和Siemens Teamcenter Visualization 输入验证错误漏洞 — JT2Go 5.5 -2022-05-10
CVE-2020-6099 Graphisoft BIMx Desktop Viewer 输入验证错误漏洞 — BIMx Desktop Viewer 7.8 -2022-04-18
CVE-2021-40417 Blackmagic Design DaVinci Resolve 输入验证错误漏洞 — Blackmagic Design 9.8 Critical2021-12-22
CVE-2021-3321 Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal — zephyr 7.5 High2021-10-12
CVE-2021-30354 Amazon Kindle e-reader输入验证错误漏洞 — Amazon Kindle e-reader 8.6 -2021-09-01
CVE-2021-21850 GPAC 输入验证错误漏洞 — GPAC Project 8.8 -2021-08-25
CVE-2021-21848 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC Project 8.8 -2021-08-25
CVE-2021-21849 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC Project 8.8 -2021-08-25
CVE-2021-21841 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC Project 8.8 -2021-08-25
CVE-2021-21842 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC Project 8.8 -2021-08-25
CVE-2021-21840 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC Project 8.8 -2021-08-25
CVE-2021-21836 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC Project 8.8 -2021-08-25
CVE-2021-21834 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC Project 8.8 -2021-08-25
CVE-2021-21835 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC Project 8.8 -2021-08-25
CVE-2021-21862 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21858 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21857 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21856 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21855 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21854 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21853 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21839 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21838 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21837 GPAC Project Advanced Content 输入验证错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21844 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18

Vulnerabilities classified as CWE-680 (整数溢出导致缓冲区溢出) represent 85 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.