Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-788 (在缓冲区结束位置之后访问内存) — Vulnerability Class 140

140 vulnerabilities classified as CWE-788 (在缓冲区结束位置之后访问内存). AI Chinese analysis included.

CWE-788 represents a critical memory safety vulnerability where software accesses memory locations beyond the allocated boundaries of a buffer. This weakness typically arises from improper pointer arithmetic or off-by-one errors during index manipulation, allowing attackers to read sensitive data or write malicious payloads into adjacent memory regions. Exploitation often leads to information disclosure, application crashes, or arbitrary code execution, depending on the memory layout and attacker control. Developers can prevent this by implementing rigorous bounds checking before any memory access, utilizing safe string handling libraries that enforce length limits, and adopting static analysis tools to detect out-of-bounds references during the coding phase. Furthermore, employing memory-safe programming languages or compiler protections like Address Sanitizers helps identify these errors early, ensuring that buffer indices remain strictly within valid limits throughout the application’s lifecycle.

MITRE CWE Description
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. This typically occurs when a pointer or its index is incremented to a position after the buffer; or when pointer arithmetic results in a position after the buffer.
Common Consequences (3)
ConfidentialityRead Memory
For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffer's position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences.
Integrity, AvailabilityModify Memory, DoS: Crash, Exit, or Restart
Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
IntegrityModify Memory, Execute Unauthorized Code or Commands
If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. If the attacker can overwrite a pointer's worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious cod…
Examples (2)
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
void host_lookup(char *user_supplied_addr){ struct hostent *hp; in_addr_t *addr; char hostname[64]; in_addr_t inet_addr(const char *cp); /*routine that ensures user_supplied_addr is in the right format for conversion */ validate_addr_form(user_supplied_addr); addr = inet_addr(user_supplied_addr); hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET); strcpy(hostname, hp->h_name); }
Bad · C
In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:
int returnChunkSize(void *) { /* if chunk info is valid, return the size of usable memory, * else, return -1 to indicate an error */ ... } int main() { ... memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1)); ... }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2021-25660 Siemens SIMATIC WinCC 缓冲区错误漏洞 — SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) 7.5 -2021-05-12
CVE-2021-25661 Siemens SIMATIC WinCC 安全漏洞 — SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) 7.5 -2021-05-12
CVE-2021-27384 Siemens SIMATIC WinCC 安全漏洞 — SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) 7.5 -2021-05-12
CVE-2020-27738 多款siemens产品 缓冲区错误漏洞 — APOGEE PXC Compact (BACnet) 6.5 Medium2021-04-22
CVE-2021-21092 Adobe Bridge DCM File Parsing Memory Corruption could lead to arbitrary code execution — Bridge 7.8 -2021-04-15
CVE-2021-21093 Adobe Bridge SGI File Parsing Memory Corruption vulnerability could lead to arbitrary code execution — Bridge 7.8 -2021-04-15
CVE-2021-21082 Adobe Photoshop Memory Corruption — Photoshop 7.8 High2021-03-12
CVE-2020-24412 Adobe Illustrator Memory Corruption Vulnerability — Illustrator 7.8 High2020-10-20
CVE-2020-24414 Adobe Illustrator Memory Corruption Vulnerability — Illustrator 7.8 High2020-10-20
CVE-2020-24415 Adobe Illustrator Memory Corruption Vulnerability — Illustrator 7.8 High2020-10-20
CVE-2020-24413 Adobe Illustrator Memory Corruption Vulnerability — Illustrator 7.8 High2020-10-20
CVE-2020-9727 Out-of-bounds memory access could lead to code execution — InDesign 7.8 High2020-09-10
CVE-2020-9729 Out-of-bounds memory access could lead to code execution — InDesign 7.8 High2020-09-10
CVE-2020-9730 Out-of-bounds memory access could lead to code execution — InDesign 7.8 High2020-09-10
CVE-2020-9731 Out-of-bounds memory access could lead to code execution — InDesign 7.8 High2020-09-10
CVE-2020-9728 Out-of-bounds memory access could lead to code execution — InDesign 7.8 High2020-09-10
CVE-2019-8264 UltraVNC 缓冲区错误漏洞 — UltraVNC 9.8 -2019-03-09
CVE-2019-8265 UltraVNC 缓冲区错误漏洞 — UltraVNC 9.8 -2019-03-09
CVE-2019-8266 UltraVNC 缓冲区错误漏洞 — UltraVNC 8.8 -2019-03-09
CVE-2019-8280 UltraVNC 缓冲区错误漏洞 — UltraVNC 9.8 -2019-03-09

Vulnerabilities classified as CWE-788 (在缓冲区结束位置之后访问内存) represent 140 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.