Buffer Overflow Ransomware Risk
PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.
CWE-119 : Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. The "buffer overflow" term has many different meanings to different audiences. From a CWE mapping perspective, this term should be avoided where possible. Some researchers, developers, and tools intend for it to mean "write past the end of a buffer," whereas other use the same term to mean "any read or write outside the boundaries of a buffer, whether before the beginning of the buffer or after the end of the buffer." Still others using the same term could mean "any action after the end of a buffer, whether it is a read or write." Since the term is commonly used for exploitation and for vulnerabilities, it further confuses things. Some prominent vendors and researchers use the term "buffer overrun," but most people use "buffer overflow." See the alternate term for "buffer overflow" for context. "Memory safety" is generally used for techniques that avoid weaknesses related to memory access, such as those identified by CWE-119 and its descendants. However, the term is not formal, and there is likely disagreement between practitioners as to which weaknesses are implicitly covered by the "memory safety" term. This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results. Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61]. Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available. Incorrect URI normalization in application traffic product leads to buffer overflow, as exploited in the wild per CISA KEV. Buffer overflow in Wi-Fi router web interface, as exploited in the wild per CISA KEV. Classic stack-based buffer overflow in media player using a long entry in a playlist Heap-based buffer overflow in media player using a long entry in a playlist large precision value in a format string triggers overflow negative offset value leads to out-of-bounds read malformed inputs cause accesses of uninitialized or previously-deleted objects, leading to memory corruption chain: lack of synchronization leads to memory corruption Chain: machine-learning product can have a heap-basedbuffer overflow (CWE-122) when some integer-oriented bounds arecalculated by using ceiling() and floor() on floating point values(CWE-1339) attacker-controlled array index leads to code execution chain: -1 value from a function call was intended to indicate an error, but is used as an array index instead. chain: incorrect calculations lead to incorrect pointer dereference and memory corruption product accepts crafted messages that lead to a dereference of an arbitrary pointer chain: malformed input causes dereference of uninitialized memory OS kernel trusts userland-supplied length value, allowing reading of sensitive information Chain: integer overflow in securely-coded mail program leads to buffer overflow. In 2005, this was regarded as unrealistic to exploit, but in 2020, it was rediscovered to be easier to exploit due to evolutions of the technology. buffer overflow involving a regular expression with a large number of captures chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).
|No known exploits|
|46||Overflow Variables and Tags
|9||Buffer Overflow in Local Command-Line Utilities
|47||Buffer Overflow via Parameter Expansion
|24||Filter Failure through Buffer Overflow
|8||Buffer Overflow in an API Call
|44||Overflow Binary Resource File
|45||Buffer Overflow via Symbolic Links
|10||Buffer Overflow via Environment Variables
|14||Client-side Injection-induced Buffer Overflow
Take a picture of your computer network in a few clicks !
The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.