Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-680 (整数溢出导致缓冲区溢出) — Vulnerability Class 85

85 vulnerabilities classified as CWE-680 (整数溢出导致缓冲区溢出). AI Chinese analysis included.

CWE-680 is a critical logic flaw where an arithmetic calculation intended to determine buffer size results in an integer overflow, causing the system to allocate insufficient memory. Attackers typically exploit this vulnerability by manipulating input values to trigger the overflow, resulting in a smaller allocation than required for the actual data size. When the application subsequently copies the full-sized data into this undersized buffer, it overwrites adjacent memory, potentially allowing arbitrary code execution or system compromise. To prevent this, developers must implement robust input validation to ensure values remain within safe bounds before performing arithmetic operations. Additionally, using safe libraries that detect overflow conditions, employing larger data types for intermediate calculations, and utilizing static analysis tools can effectively identify and mitigate these dangerous logic errors during the development lifecycle.

MITRE CWE Description
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
Common Consequences (1)
Integrity, Availability, ConfidentialityModify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands
Examples (1)
The following image processing code allocates a table for images.
img_t table_ptr; /*struct containing img data, 10kB each*/ int num_imgs; ... num_imgs = get_num_imgs(); table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs); ...
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2021-21843 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21846 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21845 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21847 GPAC Project Advanced Content 缓冲区错误漏洞 — GPAC 8.8 -2021-08-18
CVE-2021-21851 GPAC 输入验证错误漏洞 — GPAC" 8.8 -2021-08-18
CVE-2021-21852 GPAC 输入验证错误漏洞 — GPAC" 8.8 -2021-08-18
CVE-2021-21832 Deamon Tools Pro 输入验证错误漏洞 — Disc 8.8 -2021-08-17
CVE-2021-21861 GPAC Project Advanced Content 安全漏洞 — GPAC Project 8.8 -2021-08-16
CVE-2021-21860 GPAC 安全漏洞 — GPAC Project 8.8 -2021-08-16
CVE-2021-21859 GPAC 输入验证错误漏洞 — GPAC Project 8.8 -2021-08-16
CVE-2021-32625 Redis vulnerability in STRALGO LCS on 32-bit systems — redis 7.5 High2021-06-02
CVE-2021-21783 Genivia gSOAP 输入验证错误漏洞 — Genivia 9.8 -2021-03-25
CVE-2020-13576 Genivia gSOAP 输入验证错误漏洞 — Genivia 9.8 -2021-02-10
CVE-2020-6116 Nitro Software Nitro Pro 输入验证错误漏洞 — Nitro Pro 7.8 -2020-09-17
CVE-2020-10929 NETGEAR R6700 输入验证错误漏洞 — R6700 8.8 -2020-07-28
CVE-2020-15103 Integer Overflow in FreeRDP — FreeRDP 3.5 Low2020-07-27
CVE-2020-11038 Integer Overflow to Buffer Overflow in FreeRDP — FreeRDP 6.9 Medium2020-05-29
CVE-2020-1895 Facebook Instagram for Android 输入验证错误漏洞 — Instagram for Android 7.8 -2020-04-09
CVE-2019-18568 Avira Free Antivirus is proned to a local privilege escalation through the execution of kernel code from a restricted user. — Antivirus Free Antivirus 8.8 -2019-12-31
CVE-2019-5087 xcftools 输入验证错误漏洞 — xcftools 8.8 -2019-11-21
CVE-2019-5086 xcftools 输入验证错误漏洞 — xcftools 8.8 -2019-11-21
CVE-2018-8795 rdesktop 输入验证错误漏洞 — rdesktop 9.8 -2019-02-05
CVE-2018-8794 rdesktop 输入验证错误漏洞 — rdesktop 9.8 -2019-02-05
CVE-2018-8787 FreeRDP 缓冲区错误漏洞 — FreeRDP 9.8 -2018-11-29
CVE-2018-8786 FreeRDP 缓冲区错误漏洞 — FreeRDP 9.8 -2018-11-29

Vulnerabilities classified as CWE-680 (整数溢出导致缓冲区溢出) represent 85 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.