CWE-124
Buffer Underwrite ('Buffer Underflow')
Description
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Modify Memory, DoS: Crash, Exit, or Restart
Scope
Impact
Execute Unauthorized Code or Commands, Modify Memory, Bypass Protection Mechanism, Other
Scope
Impact
Bypass Protection Mechanism, Other
Potential Mitigations
Choose a language that is not susceptible to these issues.
All calculated values that are used as index or for pointer arithmetic should be validated to ensure that they are within an expected range.
CVE-2021-24018buffer underwrite in firmware verification routine allows code execution via a crafted firmware image
CVE-2002-2227Unchecked length of SSLv2 challenge value leads to buffer underflow.
CVE-2007-4580Buffer underflow from a small size value with a large buffer (length parameter inconsistency, CWE-130)
CVE-2007-1584Buffer underflow from an all-whitespace string, which causes a counter to be decremented before the buffer while looking for a non-whitespace character.
CVE-2007-0886Buffer underflow resultant from encoded data that triggers an integer overflow.
CVE-2006-6171Product sets an incorrect buffer size limit, leading to "off-by-two" buffer underflow.
CVE-2006-4024Negative value is used in a memcpy() operation, leading to buffer underflow.
CVE-2004-2620Buffer underflow due to mishandled special characters
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now