[Usage Guide]

CWE-119

Weakness ID: 119 (Weakness Class)

Status: Draft

Buffer Errors

Description

Description Summary

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Extended Description

Certain languages allow direct addressing of memory locations and do not automatically ensure that these locations are valid for the memory buffer that is being referenced. This can cause read or write operations to be performed on memory locations that may be associated with other variables, data structures, or internal program data.

As a result, an attacker may be able to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crash.

Alternate Terms

Memory Corruption

The generic term "memory corruption" is often used to describe the consequences of writing to memory outside the bounds of a buffer. The root cause is then something other than a sequential copy of excessive data from a fixed starting location (that is, the classic buffer overflow, CWE-120). This may include issues such as incorrect pointer arithmetic, or accessing invalid pointers due to incomplete initialization or memory release.

Time of Introduction

Architecture and Design
Implementation
Operation

Applicable Platforms

Languages

C
C++
Assembly
Languages without memory management support

Platform Notes

Many programming languages make it possible to attempt an operation outside the bounds of a memory buffer, but the consequences vary widely depending on the language, platform, and chip architecture.

Common Consequences

Integrity

If the memory accessible to the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a buffer overflow.

If the attacker can overwrite a pointer's worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious code. Even when the attacker can modify only a single byte, arbitrary code execution can be possible. Sometimes this is because the same weakness can be exploited repeatedly; other times it is because the attacker can overwrite security-critical, application-specific data, such as a flag indicating whether the user is an administrator.

Availability

Access to memory outside the guaranteed range will very likely corrupt relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks on availability are also possible, such as putting the program into an infinite loop.

Confidentiality

In the case of an out-of-bounds read, the attacker may gain access to sensitive information. If the sensitive information contains system details, such as the current position of buffers in memory, this knowledge can be used to craft further attacks, possibly with more serious consequences.

Likelihood of Exploit

High

Detection Methods

Automated Static Analysis
This weakness can be detected using automated static analysis. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.

Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges.

Effectiveness: High
Detection techniques for buffer-related errors are more mature than for most other weakness types.

Automated Dynamic Analysis
This weakness can be detected using dynamic tools and techniques that exercise the software with large test suites containing many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection (tests that deliberately trigger errors).
The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.

Demonstrative Examples

Example 1:

This example takes an IP address from a user, verifies that it is well formed, then looks up the hostname and copies it into a buffer.

Example Language: C (Bad Code)
#include <arpa/inet.h>
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>

/* Defined elsewhere: ensures user_supplied_addr is in the right format for conversion. */
void validate_addr_form(char *user_supplied_addr);

void host_lookup(char *user_supplied_addr){
    struct hostent *hp;
    in_addr_t addr;
    char hostname[64];

    validate_addr_form(user_supplied_addr);
    addr = inet_addr(user_supplied_addr);
    hp = gethostbyaddr(&addr, sizeof(struct in_addr), AF_INET);
    /* Vulnerable: hp->h_name may be longer than the 64-byte buffer. */
    strcpy(hostname, hp->h_name);
}


This function allocates a buffer of 64 bytes to store the hostname, but there is no guarantee that the hostname will be no larger than 64 bytes. If an attacker specifies an address that resolves to a very large hostname, sensitive data may be overwritten or control flow may be taken over.

 

Example 2:

This example applies an encoding procedure to an input string and stores the result in a buffer.

Example Language: C (Bad Code)
#include <stdlib.h>
#include <string.h>

/* MAX_SIZE and die() are defined elsewhere in the program. */
char * copy_input(char *user_supplied_string){
    int i, dst_index;
    /* Vulnerable: assumes each input character expands to at most 4 bytes. */
    char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);
    if ( MAX_SIZE <= strlen(user_supplied_string) ){
        die("user string too long, die evil hacker!");
    }
    dst_index = 0;
    for ( i = 0; i < strlen(user_supplied_string); i++ ){
        if( '&' == user_supplied_string[i] ){
            /* "&amp;" is 5 bytes, one more than the allocation allows for. */
            dst_buf[dst_index++] = '&';
            dst_buf[dst_index++] = 'a';
            dst_buf[dst_index++] = 'm';
            dst_buf[dst_index++] = 'p';
            dst_buf[dst_index++] = ';';
        }
        else if ('<' == user_supplied_string[i] ){
            /* encode to &lt; */
        }
        else dst_buf[dst_index++] = user_supplied_string[i];
    }
    return dst_buf;
}


The programmer attempts to encode the ampersand character (&) in the user-controlled string, but the length of the string is validated before the encoding is applied, so the encoded result may be larger than the validated length. In addition, the programmer assumes that encoding expands a character to at most 4 characters, while the ampersand expands to 5. As a result, when the attacker supplies a string containing many ampersands, the destination buffer overflows.
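A corrected form of the encoder in Example 2, given here as an added example rather than code from the CWE entry: it measures the exact encoded size before allocating, so the allocation cannot fall behind the expansion. The function name encode_input, the max_in parameter and the implementation of the "&lt;" case are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Number of output bytes produced for one input byte. */
static size_t encoded_len(char c)
{
    switch (c) {
    case '&': return 5;               /* "&amp;" */
    case '<': return 4;               /* "&lt;"  */
    default:  return 1;
    }
}

/*
 * Returns a newly allocated, NUL-terminated encoded copy of src.
 * Returns NULL if src is NULL, longer than max_in bytes, or if
 * allocation fails. The caller frees the result.
 */
char *encode_input(const char *src, size_t max_in)
{
    size_t in_len = 0, out_len = 0, i, d = 0;
    char *dst;

    if (src == NULL)
        return NULL;
    /* Bounded length scan: never reads more than max_in + 1 bytes. */
    while (in_len <= max_in && src[in_len] != '\0')
        in_len++;
    if (in_len > max_in)
        return NULL;

    /* Pass 1: compute the encoded size, guarding the addition. */
    for (i = 0; i < in_len; i++) {
        size_t n = encoded_len(src[i]);
        if (out_len > SIZE_MAX - 1 - n)
            return NULL;
        out_len += n;
    }

    dst = malloc(out_len + 1);        /* +1 for the terminator */
    if (dst == NULL)
        return NULL;

    /* Pass 2: write exactly out_len bytes. */
    for (i = 0; i < in_len; i++) {
        switch (src[i]) {
        case '&': memcpy(dst + d, "&amp;", 5); d += 5; break;
        case '<': memcpy(dst + d, "&lt;", 4);  d += 4; break;
        default:  dst[d++] = src[i];           break;
        }
    }
    dst[d] = '\0';
    return dst;
}
```

Sizing from the encoded length rather than from an assumed expansion factor keeps the allocation correct if another escape sequence is added later.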

 

Example 3:

The following example asks a user for an offset into an array in order to select an item.

Example Language: C (Bad Code)
#include <stdio.h>

int GetUntrustedOffset(void);   /* defined elsewhere; returns user input */

int main (int argc, char **argv) {
    char *items[] = {"boat", "car", "truck", "train"};
    int index = GetUntrustedOffset();
    /* Vulnerable: index is used without any range check. */
    printf("You selected %s\n", items[index-1]);
}


The programmer allows the user to specify which element in the list to select, but an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126).
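A range-checked version of the selection in Example 3, added here as an illustration and not taken from the CWE entry. It assumes the untrusted offset arrives as text; select_item is a hypothetical helper that rejects non-numeric input, values that overflow long, and anything outside 1..4 before the array is indexed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

static const char *const items[] = {"boat", "car", "truck", "train"};
#define ITEM_COUNT (sizeof items / sizeof items[0])

/*
 * Converts a 1-based selection supplied as text into a pointer to the
 * selected item. Returns NULL when the text is empty, is not a complete
 * decimal number, overflows long, or is outside 1..ITEM_COUNT.
 */
const char *select_item(const char *untrusted)
{
    char *end;
    long v;

    if (untrusted == NULL || *untrusted == '\0')
        return NULL;

    errno = 0;
    v = strtol(untrusted, &end, 10);
    if (errno == ERANGE)                  /* value does not fit in long */
        return NULL;
    if (end == untrusted || *end != '\0') /* no digits, or trailing junk */
        return NULL;

    /* Check both ends: 0 and negatives would index before the array. */
    if (v < 1 || (unsigned long)v > ITEM_COUNT)
        return NULL;

    return items[v - 1];
}
```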

 

Observed Examples

Reference Description
CVE-2009-2550 Classic stack-based buffer overflow in media player using a long entry in a playlist
CVE-2009-2403 Heap-based buffer overflow in media player using a long entry in a playlist
CVE-2009-0689 large precision value in a format string triggers overflow
CVE-2009-0690 negative offset value leads to out-of-bounds read
CVE-2009-1532 malformed inputs cause accesses of uninitialized or previously-deleted objects, leading to memory corruption
CVE-2009-1528 chain: lack of synchronization leads to memory corruption
CVE-2009-0558 attacker-controlled array index leads to code execution
CVE-2009-0269 chain: -1 value from a function call was intended to indicate an error, but is used as an array index instead.
CVE-2009-0566 chain: incorrect calculations lead to incorrect pointer dereference and memory corruption
CVE-2009-1350 product accepts crafted messages that lead to a dereference of an arbitrary pointer
CVE-2009-0191 chain: malformed input causes dereference of uninitialized memory
CVE-2008-4113 OS kernel trusts userland-supplied length value, allowing reading of sensitive information

 

Potential Mitigations

Phase: Requirements

Strategy: Language Selection
Use a language that does not allow this weakness to occur, or that provides constructs that make it easier to avoid. For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows.
Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.
Be wary that a language's interface to native code (object code) may still be subject to overflows, even if the language itself is theoretically safe.

Phase: Architecture and Design

Strategy: Libraries or Frameworks
Use a vetted library or framework that does not allow this weakness to occur, or that provides constructs that make it easier to avoid.
Examples include the Safe C String Library (SafeStr) by Messier and Viega, and the Strsafe.h library from Microsoft. These libraries provide safer versions of overflow-prone string-handling functions.
However, this is not a complete solution, since many buffer overflows are not related to strings.

Phase: Build and Compilation

Strategy: Compilation or Build Hardening
Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows. For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, the Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice.

Effectiveness: Defense in Depth
This is not a complete solution, since these mechanisms can detect only certain types of overflows. In addition, because the typical response is to exit the application, an attack can still cause a denial of service (DoS).

Phase: Implementation

Programmers should follow these rules when allocating and managing their application's memory:

- Double check that the buffer is as large as the size you specify.
- When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, the string may not be NULL-terminated.
- If the buffer is accessed in a loop, check the buffer boundaries and make sure there is no danger of writing past the allocated space.
- If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions.
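The strncpy() rule above and the unbounded copy in Example 1, worked through as an added example (not code from the CWE entry). copy_bounded and save_hostname are hypothetical helpers: the first always terminates the destination and reports truncation, the second applies it to the hostname copy and also handles a failed lookup.

```c
#include <netdb.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if strncpy() left a dst_size-byte buffer terminated, else 0. */
int strncpy_terminates(const char *src, size_t dst_size)
{
    char *buf = malloc(dst_size);
    int ok;

    if (buf == NULL || dst_size == 0) {
        free(buf);
        return 0;
    }
    memset(buf, 'X', dst_size);       /* sentinel fill: no NUL present */
    strncpy(buf, src, dst_size);      /* writes no NUL if src fills buf */
    ok = memchr(buf, '\0', dst_size) != NULL;
    free(buf);
    return ok;
}

/*
 * Copies src into dst, whose capacity is dst_size bytes including the
 * terminator. dst is always NUL-terminated. Returns 0 if src fit, -1 if
 * it was truncated or an argument was unusable.
 */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;

    if (dst == NULL || dst_size == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    while (n < dst_size - 1 && src[n] != '\0') {
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
    return src[n] == '\0' ? 0 : -1;
}

/* Example 1's copy step with the 64-byte bound enforced by the caller's size. */
int save_hostname(char *hostname, size_t size, const struct hostent *hp)
{
    return copy_bounded(hostname, size, hp != NULL ? hp->h_name : NULL);
}
```

A caller that receives -1 from save_hostname should treat the name as unusable rather than continue with the truncated value.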

Phase: Operation

Strategy: Environment Hardening
Use a feature such as Address Space Layout Randomization (ASLR).

Effectiveness: Defense in Depth
This is not a complete solution. However, it forces the attacker to guess an unknown value that changes on every program execution. In addition, because the typical response of this feature is to exit the application, an attack can still cause a DoS.

Phase: Operation

Strategy: Environment Hardening
Use a CPU and operating system that offer Data Execution Protection (NX) or an equivalent feature.

Effectiveness: Defense in Depth
This is not a complete solution, since buffer overflows can be used to overwrite nearby variables in order to put the software into a dangerous state. In addition, it cannot be used where self-modifying code is required. Because the typical response of this feature is to exit the application, an attack can still cause a DoS.

Phase: Implementation

Replace copy functions that take no length argument with analogous functions that support one, such as replacing strcpy with strncpy. Create such functions if they are not available.

Effectiveness: Moderate
This mitigation can still be affected by calculation errors, such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131).

Relationships

 

Nature | Type | ID | Name | View(s) this relationship pertains to | Named Chain(s) this relationship pertains to
ChildOf | Weakness Class | 20 | Improper Input Validation | Development Concepts (699); Seven Pernicious Kingdoms (primary) (700) |
ChildOf | Weakness Class | 118 | Improper Access of Indexable Resource ('Range Error') | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
ChildOf | Category | 633 | Weaknesses that Affect Memory | Resource-specific Weaknesses (primary) (631) |
ChildOf | Category | 726 | OWASP Top Ten 2004 Category A5 - Buffer Overflows | Weaknesses in OWASP Top Ten (2004) (primary) (711) |
ChildOf | Category | 740 | CERT C Secure Coding Section 06 - Arrays (ARR) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) (734) |
ChildOf | Category | 741 | CERT C Secure Coding Section 07 - Characters and Strings (STR) | Weaknesses Addressed by the CERT C Secure Coding Standard (734) |
ChildOf | Category | 742 | CERT C Secure Coding Section 08 - Memory Management (MEM) | Weaknesses Addressed by the CERT C Secure Coding Standard (734) |
ChildOf | Category | 743 | CERT C Secure Coding Section 09 - Input Output (FIO) | Weaknesses Addressed by the CERT C Secure Coding Standard (734) |
ChildOf | Category | 744 | CERT C Secure Coding Section 10 - Environment (ENV) | Weaknesses Addressed by the CERT C Secure Coding Standard (734) |
ChildOf | Category | 752 | 2009 Top 25 - Risky Resource Management | Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) (750) |
ParentOf | Compound Element: Composite | 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
ParentOf | Weakness Base | 123 | Write-what-where Condition | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
ParentOf | Weakness Base | 125 | Out-of-bounds Read | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
ParentOf | Weakness Base | 130 | Improper Handling of Length Parameter Inconsistency | Development Concepts (primary) (699) |
ParentOf | Weakness Base | 466 | Return of Pointer Value Outside of Expected Range | Research Concepts (primary) (1000) |
ParentOf | Weakness Base | 786 | Access of Memory Location Before Start of Buffer | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
ParentOf | Weakness Base | 787 | Out-of-bounds Write | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
ParentOf | Weakness Base | 788 | Access of Memory Location After End of Buffer | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
ParentOf | Weakness Base | 805 | Buffer Access with Incorrect Length Value | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
ParentOf | Weakness Base | 822 | Untrusted Pointer Dereference | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
ParentOf | Weakness Base | 823 | Use of Out-of-range Pointer Offset | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
ParentOf | Weakness Base | 824 | Access of Uninitialized Pointer | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
ParentOf | Weakness Base | 825 | Expired Pointer Dereference | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
MemberOf | View | 635 | Weaknesses Used by NVD | Weaknesses Used by NVD (primary) (635) |
ParentOf | Weakness Base | 128 | Wrap-around Error | Research Concepts (1000) |
ParentOf | Weakness Base | 129 | Improper Validation of Array Index | Research Concepts (1000) |
CanFollow | Weakness Base | 131 | Incorrect Calculation of Buffer Size | Development Concepts (699); Research Concepts (1000) |
CanFollow | Weakness Base | 190 | Integer Overflow or Wraparound | Research Concepts (1000) | Integer Overflow to Buffer Overflow (680)
CanFollow | Weakness Base | 193 | Off-by-one Error | Research Concepts (1000) |
CanFollow | Weakness Variant | 195 | Signed to Unsigned Conversion Error | Research Concepts (1000) |

 

Affected Resources

Memory

Taxonomy Mappings

Mapped Taxonomy Name  Node ID  Fit  Mapped Node Name
OWASP Top Ten 2004 A5 Exact Buffer Overflows
CERT C Secure Coding ARR00-C Understand how arrays work
CERT C Secure Coding ARR33-C Guarantee that copies are made into storage of sufficient size
CERT C Secure Coding ARR34-C Ensure that array types in expressions are compatible
CERT C Secure Coding ARR35-C Do not allow loops to iterate beyond the end of an array
CERT C Secure Coding ENV01-C Do not make assumptions about the size of an environment variable
CERT C Secure Coding FIO37-C Do not assume character data has been read
CERT C Secure Coding MEM09-C Do not assume memory allocation routines initialize memory
CERT C Secure Coding STR31-C Guarantee that storage for strings has sufficient space for character data and the null terminator
CERT C Secure Coding STR32-C Null-terminate byte strings as required
CERT C Secure Coding STR33-C Size wide character strings correctly
WASC 7 Buffer Overflow

 

Related Attack Patterns

CAPEC-ID Attack Pattern Name (CAPEC Version 1.5)
8 Buffer Overflow in an API Call
9 Buffer Overflow in Local Command-Line Utilities
10 Buffer Overflow via Environment Variables
14 Client-side Injection-induced Buffer Overflow
24 Filter Failure through Buffer Overflow
42 MIME Conversion
44 Overflow Binary Resource File
45 Buffer Overflow via Symbolic Links
100 Overflow Buffers
46 Overflow Variables and Tags
47 Buffer Overflow via Parameter Expansion

 

References

[REF-11] M. Howard and D. LeBlanc. "Writing Secure Code". Chapter 5, "Public Enemy #1: The Buffer Overrun" Page 127; Chapter 14, "Prevent I18N Buffer Overruns" Page 441. 2nd Edition. Microsoft. 2002. 
Microsoft. "Using the Strsafe.h Functions". <http://msdn.microsoft.com/en-us/library/ms647466.aspx>.
Matt Messier and John Viega. "Safe C String Library v1.0.3". <http://www.zork.org/safestr/>.
Michael Howard. "Address Space Layout Randomization in Windows Vista". <http://blogs.msdn.com/michael_howard/archive/2006/05/26/address-space-layout-randomization-in-windows-vista.aspx>.
Arjan van de Ven. "Limiting buffer overflows with ExecShield". <http://www.redhat.com/magazine/009jul05/features/execshield/>.
"PaX". <http://en.wikipedia.org/wiki/PaX>.

Revision History

[2011/04/21]
  Updated based on data as of 2010/10/12
[2009/06/29]
  Created based on the following URL as of 2009/02/02
    http://cwe.mitre.org/data/definitions/119.html


Registered: 2011/04/21

Last updated: 2023/04/04

