AppSec Blog

Top 25 Series - Rank 12 - Buffer Access with Incorrect Length Value

Buffer Access with Incorrect Length Value (CWE-805) is closely related to the classic buffer overflow (CWE-120). A classic buffer overflow is caused by copying a buffer without checking its length. Buffer Access with Incorrect Length Value occurs when a length is taken into consideration, but the length actually specified is not sufficient. The end result of this vulnerability is a buffer overflow.
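The distinction above, as an added example that is not from the original post: a copy that does use a length, but the wrong one, beside a form that checks the length against both buffers. The length-prefixed message layout, `NAME_CAP` and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16  /* destination size, constructed for this example */

/* Hypothetical message layout: msg[0] = declared length, msg[1..] = name bytes. */

/* CWE-805 pattern: a length IS used, but it is the sender-declared one,
 * not one derived from the destination buffer. Shown for contrast only. */
int read_name_unsafe(const uint8_t *msg, size_t msg_len, char *name)
{
    if (msg_len < 1)
        return -1;
    size_t n = msg[0];
    memcpy(name, msg + 1, n);   /* n may exceed NAME_CAP - 1 and msg_len - 1 */
    name[n] = '\0';
    return (int)n;
}

/* Hardened form: the declared length is checked against both buffers. */
int read_name_checked(const uint8_t *msg, size_t msg_len,
                      char *name, size_t name_cap)
{
    if (msg == NULL || name == NULL || name_cap == 0 || msg_len < 1)
        return -1;
    size_t n = msg[0];
    if (n > msg_len - 1)        /* would read past the end of the message */
        return -1;
    if (n >= name_cap)          /* would write past name[], no room for NUL */
        return -1;
    memcpy(name, msg + 1, n);
    name[n] = '\0';
    return (int)n;
}

int main(void)
{
    char name[NAME_CAP];
    uint8_t ok[] = {5, 'a', 'l', 'i', 'c', 'e'};   /* constructed input */
    uint8_t big[41];                               /* declares 40 bytes */
    memset(big, 'A', sizeof big);
    big[0] = 40;
    printf("ok  -> %d\n", read_name_checked(ok, sizeof ok, name, sizeof name));
    printf("big -> %d\n", read_name_checked(big, sizeof big, name, sizeof name));
    return 0;
}
```

The checked version rejects an oversized field instead of truncating it, so a caller cannot mistake a partial copy for a valid one.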

The overall strategy for resolving this type of buffer overflow is no different from that for the classic buffer overflow. The strongest defense is to avoid using languages that are vulnerable to buffer overflows; most new-generation languages are mostly immune to the buffer overflow problem. If choosing a different language is not possible, look into safe libraries to replace the unsafe ones, which helps slightly.

Validation using a code scanner is also useful. A code scanner is a great tool for detecting buffer overflow problems, as long as you don't get overwhelmed by the massive number of true vulnerabilities and false positives, especially on the first scan of the application.
