CWE-124: Buffer Underwrite ('Buffer Underflow')

BaseIncompleteExploit Likelihood: Medium

The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

View on MITRE
Back to CWE Lookup

Extended Description

This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.

Technical Details

Structure
Simple

Applicable To

Languages
CC++
Platforms

Frequently Asked Questions

What is CWE-124: Buffer Underwrite ('Buffer Underflow')?+

CWE-124: Buffer Underwrite ('Buffer Underflow') is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.

What are the security consequences of Buffer Underwrite ('Buffer Underflow')?+

If exploited, CWE-124 (Buffer Underwrite ('Buffer Underflow')) it can compromise Integrity, Availability, Confidentiality, Access Control and Other, leading to outcomes such as Modify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Bypass Protection Mechanism and Other.

How do you prevent or mitigate Buffer Underwrite ('Buffer Underflow')?+

Recommended mitigations for CWE-124 include: Choose a language that is not susceptible to these issues. All calculated values that are used as index or for pointer arithmetic should be validated to ensure that they are within an expected range.

Which programming languages are affected by Buffer Underwrite ('Buffer Underflow')?+

CWE-124 commonly affects C and C++. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Buffer Underwrite ('Buffer Underflow')?+

MITRE documents real CVEs mapped to CWE-124, including CVE-2021-24018, CVE-2002-2227, CVE-2007-4580, CVE-2007-1584 and CVE-2007-0886. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-124 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More

CWE-124: Buffer Underwrite ('Buffer Underflow') | CWE Lookup | InventiveHQ