The Vulnerability History Project

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

"The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer." - Entry from the Common Weakness Enumeration

For more info visit [CWE-119](https://cwe.mitre.org/data/definitions/119.html).

Examples

Bad things happen when integers wrap around

Loop counters, file sizes, malloc arguments, session tokens, primary keys... numbers are everywhere in our code. What happens when our numbers get very, _very_ big? Integer overflow, or wraparound, is much more dangerous than it seems.
