shared × unstructured — bad data written permanently, and it spreads
Buffer Overflow (Out-of-Bounds Write)
An unchecked length writes past the buffer into adjacent, shared memory.
01 the recipe
In the wild
compound of: Pointer Mismanagement · Index Out of Bounds & Missing Keys · CWE-120 Unchecked Buffer Copy · compound · CWE-787 OOB Write
example.c
/* SMELL: unchecked length writes past the buffer into adjacent memory.
(pointer-mismanagement x index-out-of-bounds) */
char name[16];
strcpy(name, input); /* input over 15 chars -> overwrites the stack */
/* RIGHT: bound the write to the buffer you actually own. */
char name[16];
snprintf(name, sizeof name, "%s", input); /* truncates, never overflows */
The missing bounds check (unstructured) plus a raw pointer write (shared memory) corrupts whatever sits past the buffer -- often the return address.
// observed
overflow: corrupts the return address; crash or code exec
bounded: safely truncated, memory intact
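The bounded write above truncates silently, so a caller usually also needs to know when input did not fit. The following is an added example, not code from the original page: the helper copy_name, the copy_status enum and the sample inputs are hypothetical names and constructed values. It uses the return value of snprintf to report truncation.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum copy_status { COPY_OK = 0, COPY_TRUNCATED = 1, COPY_ERROR = -1 };

/* Bounded copy into dst, which holds cap bytes including the NUL.
 * snprintf returns the length the full output would have needed,
 * so a result >= cap means the stored string was cut short. */
static enum copy_status copy_name(char *dst, size_t cap, const char *input)
{
    if (dst == NULL || cap == 0 || input == NULL)
        return COPY_ERROR;

    int needed = snprintf(dst, cap, "%s", input);
    if (needed < 0) {            /* output error: leave an empty string */
        dst[0] = '\0';
        return COPY_ERROR;
    }
    if ((size_t)needed >= cap)   /* did not fit: dst holds cap-1 chars + NUL */
        return COPY_TRUNCATED;
    return COPY_OK;
}

int main(void)
{
    /* Constructed inputs: short, exactly 15 chars, and too long for name[16]. */
    const char *samples[] = {
        "alice", "exactly15chars!", "this-input-is-longer-than-15"
    };
    char name[16];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum copy_status st = copy_name(name, sizeof name, samples[i]);
        printf("%-30s -> \"%s\" (%s)\n", samples[i], name,
               st == COPY_OK ? "ok" :
               st == COPY_TRUNCATED ? "truncated" : "error");
    }
    return 0;
}
```

Rejecting the input on COPY_TRUNCATED, rather than continuing with the shortened string, is a policy choice left to the caller.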
02 weakness catalog
Mapped weaknesses (CWE)
On its own, this defect is catalogued by MITRE as one or more of these weaknesses. The exploitable vulnerability usually appears only when it chains or combines with another.