CWE-131: Incorrect Calculation of Buffer Size

BaseDraftExploit Likelihood: High

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

View on MITRE
Back to CWE Lookup

Technical Details

Structure
Simple

Applicable To

Languages
CC++
Platforms

Frequently Asked Questions

What is CWE-131: Incorrect Calculation of Buffer Size?+

CWE-131: Incorrect Calculation of Buffer Size is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

What are the security consequences of Incorrect Calculation of Buffer Size?+

If exploited, CWE-131 (Incorrect Calculation of Buffer Size) it can compromise Integrity, Availability and Confidentiality, leading to outcomes such as DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Read Memory and Modify Memory.

How do you prevent or mitigate Incorrect Calculation of Buffer Size?+

Recommended mitigations for CWE-131 include: When processing structured incoming data containing a size field followed by raw data, identify and resolve any inconsistencies between the size field and the actual size of the data (CWE-130). When allocating memory that uses sentinels to mark the end of a data structure - such as NUL bytes in strings - make sure you also include the sentinel in your calculation of the total amount of memory that must be allocated. Use sizeof() on the appropriate data type to avoid CWE-467.

How is Incorrect Calculation of Buffer Size detected?+

CWE-131 can be detected using Automated Static Analysis - Binary or Bytecode, Automated Static Analysis - Source Code and Architecture or Design Review. Combining automated tooling with manual review typically yields the best coverage.

Which programming languages are affected by Incorrect Calculation of Buffer Size?+

CWE-131 commonly affects C and C++. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Incorrect Calculation of Buffer Size?+

MITRE documents real CVEs mapped to CWE-131, including CVE-2025-27363, CVE-2020-17087, CVE-2004-1363, CVE-2004-0747 and CVE-2005-2103. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-131 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More