CWE-787: Out-of-bounds Write
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product writes data past the end, or before the beginning, of the intended buffer.
Common Consequences
Scope: Integrity
Technical Impact: Modify Memory; Execute Unauthorized Code or Commands
Note: Write operations could cause memory corruption. In some cases, an adversary can modify control data such as return addresses in order to execute unexpected code.
Scope: Availability
Technical Impact: DoS: Crash, Exit, or Restart
Note: Attempting to access out-of-range, invalid, or unauthorized memory could cause the product to crash.
Scope: Other
Technical Impact: Unexpected State
Note: Subsequent write operations can produce undefined or unexpected results.
Potential Mitigations
Phase: Requirements
Strategy: Language Selection
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Phase: Operation; Build and Compilation
Strategy: Environment Hardening
Effectiveness: Defense in Depth
Phase: Implementation
Phase: Operation; Build and Compilation
Strategy: Environment Hardening
Effectiveness: Defense in Depth
Phase: Operation
Strategy: Environment Hardening
Effectiveness: Defense in Depth
Phase: Implementation
Description: Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.
Effectiveness: Moderate
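The strcpy-to-strncpy replacement described in the last mitigation, as an added C example that is not part of the CWE entry. The helper names (copy_unbounded, copy_strncpy, copy_checked, guard_survives) and the 8-byte buffer are assumptions made for the illustration; the point it adds is that strncpy bounds the write but does not terminate the destination when the source fills it.

```c
#include <stddef.h>
#include <string.h>

/* Unbounded form the mitigation replaces: writes past dst whenever
 * strlen(src) >= the size of dst. Shown for contrast, never called. */
void copy_unbounded(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* strncpy bounds the write but leaves dst unterminated when
 * strlen(src) >= n, so the terminator is written explicitly.
 * Returns 0 on a full copy, -1 on truncation or unusable arguments. */
int copy_strncpy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) < dst_size ? 0 : -1;
}

/* Stricter variant: reject oversized input instead of truncating it. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    len = strlen(src);
    if (len >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);   /* len + 1 <= dst_size, includes the NUL */
    return 0;
}

/* Constructed check: copy into an 8-byte field followed by a guard byte;
 * returns 1 if the guard is intact and the field is NUL-terminated. */
struct framed { char buf[8]; unsigned char guard; };

int guard_survives(int (*copy)(char *, size_t, const char *), const char *src)
{
    struct framed f;
    f.guard = 0xA5;
    copy(f.buf, sizeof f.buf, src);
    return f.guard == 0xA5 && memchr(f.buf, '\0', sizeof f.buf) != NULL;
}
```

Callers should treat the -1 return as an error path; silently continuing with a truncated string can itself change program behaviour.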
Detection Methods
Method: Automated Static Analysis
Effectiveness: High
Method: Automated Dynamic Analysis
This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
Observed Examples
Reference: CVE-2025-27363
Font rendering library does not properly handle assigning a signed short value to an unsigned long (CWE-195), leading to an integer wraparound (CWE-190), causing too small of a buffer (CWE-131), leading to an out-of-bounds write (CWE-787).
Reference: CVE-2023-1017
The reference implementation code for a Trusted Platform Module does not implement length checks on data, allowing for an attacker to write 2 bytes past the end of a buffer.
Reference: CVE-2021-21220
Chain: insufficient input validation (CWE-20) in browser allows heap corruption (CWE-787), as exploited in the wild per CISA KEV.
Reference: CVE-2021-28664
GPU kernel driver allows memory corruption because a user can obtain read/write access to read-only pages, as exploited in the wild per CISA KEV.
Reference: CVE-2020-17087
Chain: integer truncation (CWE-197) causes small buffer allocation (CWE-131) leading to out-of-bounds write (CWE-787) in kernel pool, as exploited in the wild per CISA KEV.
Reference: CVE-2020-1054
Out-of-bounds write in kernel-mode driver, as exploited in the wild per CISA KEV.
Reference: CVE-2020-0041
Escape from browser sandbox using out-of-bounds write due to incorrect bounds check, as exploited in the wild per CISA KEV.
Reference: CVE-2020-0968
Memory corruption in web browser scripting engine, as exploited in the wild per CISA KEV.
Reference: CVE-2020-0022
Chain: mobile phone Bluetooth implementation does not include offset when calculating packet length (CWE-682), leading to out-of-bounds write (CWE-787).
Reference: CVE-2019-1010006
Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).
Reference: CVE-2009-1532
Malformed inputs cause accesses of uninitialized or previously-deleted objects, leading to memory corruption.
Reference: CVE-2009-0269
Chain: -1 value from a function call was intended to indicate an error, but is used as an array index instead.
Reference: CVE-2002-2227
Unchecked length of SSLv2 challenge value leads to buffer underflow.
Reference: CVE-2007-4580
Buffer underflow from a small size value with a large buffer (length parameter inconsistency, CWE-130).
Reference: CVE-2007-4268
Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122).
Reference: CVE-2009-2550
Classic stack-based buffer overflow in media player using a long entry in a playlist.
Reference: CVE-2009-2403
Heap-based buffer overflow in media player using a long entry in a playlist.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Programming Languages
Technologies
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| ISA/IEC 62443 | Part 3-3 | Req SR 3.5 | - |
| ISA/IEC 62443 | Part 4-1 | Req SI-1 | - |
| ISA/IEC 62443 | Part 4-1 | Req SI-2 | - |
| ISA/IEC 62443 | Part 4-1 | Req SVV-1 | - |
| ISA/IEC 62443 | Part 4-1 | Req SVV-3 | - |
| ISA/IEC 62443 | Part 4-2 | Req CR 3.5 | - |