Skip to main content

Out-of-bounds read

Description

It is possible to make the system read data before or beyond the intended buffer.

Impact

Get access to the system and get control of the server.

Recommendation

  • Implement good security practices in the software development life cycle.
  • Disable de unsafe functions in the system.

Threat

External attacker with access to the application.

Expected Remediation Time

⌚ 60 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: N
  • Attack complexity: H
  • Privileges required: N
  • User interaction: N
  • Scope: U
  • Confidentiality: L
  • Integrity: L
  • Availability: H

Temporal

  • Exploit code madurity: F
  • Remediation level: O
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:F/RL:O/RC:X
  • Score:
    • Base: 7.0
    • Temporal: 6.5
  • Severity:
    • Base: High
    • Temporal: Medium

Code Examples

Compliant code

Buffer readers should always be bounded

func NewReaderSize(rd io.Reader, size int) *Reader {
b, ok := rd.(*Reader)
if ok && len(b.buf) >= maxReadBufferSize {
return b
}
if size < minReadBufferSize {
size = minReadBufferSize
}
return &Reader{
buf: make([]byte, size),
rd: rd,
lastByte: -1,
lastRuneSize: -1,
}
}

Non compliant code

The application uses an unbounded buffer reader

func NewReaderSize(rd io.Reader, size int) *Reader {
b, ok := rd.(*Reader)
return &Reader{
buf: make([]byte, size),
rd: rd,
lastByte: -1,
lastRuneSize: -1,
}
}

Requirements