Authorization / Out-Of-Bounds Write
Description
Out-of-bounds Write (CWE-787) is an authorization vulnerability that occurs when a program writes data past the end of the intended buffer. It is listed in the CWE Top 25 (2022), and is commonly found in Web and API applications. According to the OWASP Testing Guide, this type of vulnerability can lead to a range of security issues, including data leakage, corruption of sensitive data, and even remote code execution.
Risk
Out-of-bounds write vulnerabilities can result in serious, irreversible damage to the system, so it is important to fix them quickly before they are exploited. The risk posed by out-of-bounds write vulnerabilities depends on the context in which they occur, but they can lead to data leakage, data corruption, and remote code execution.
Solution
The best way to fix an out-of-bounds write vulnerability is to limit the size of the buffer, ensure that data is validated before it is written, and use safe programming practices such as bounds checking. Additionally, developers should implement proper security logging and monitoring to detect any attempts to exploit the vulnerability.
Example
The following code snippet is an example of an out-of-bounds write vulnerability, taken from the CVE directory.
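    #include <string.h>

    int main(int argc, char **argv)
    {
        char buffer[256];
        if (argc < 2) return 1;
        /* Vulnerable: argv[1] is copied with no check that it fits in buffer */
        strcpy(buffer, argv[1]);
        return 0;
    }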
In this example, the code is vulnerable to an out-of-bounds write because strcpy() copies argv[1] into a buffer fixed at 256 bytes without validating the size of the input.