CWE-120


Verified by Precogs Threat Research
BASE SCORE
7.5 CRITICAL

Precogs AI Insight

"Precogs AI Binary SAST detects buffer overflow patterns in compiled code through AI-powered control flow analysis, flagging unsafe memory operations even without source code access."

Exploit probability: High
Public PoC: Available

What is CWE-120 (Buffer Copy without Checking Size of Input (Buffer Overflow))?

A buffer overflow occurs when data is written beyond the boundaries of allocated memory. In compiled binaries, this can be exploited to execute arbitrary code or crash the system. Common in firmware and embedded systems written in C/C++.

Vulnerability Insights

In the context of vulnerabilities found by binary AI-powered SAST, this weakness poses significant risk because compiled binaries and complex AI logic cannot easily be patched without vendor cooperation. Organizations that rely on third-party software must use structural analysis tools to detect these flaws.

Impact on Systems

  • Denial of Service: Application crash due to corrupted memory
  • Arbitrary Code Execution: Leveraging overwritten instruction pointers
  • Data Manipulation: Altering adjacent variables in memory

Real-World Attack Scenario

By supplying input larger than the allocated 10 bytes, an attacker triggers a classic buffer overflow. The excess data spills into adjacent memory spaces, corrupting execution flow or altering critical variables, allowing them to force the application to execute arbitrary payloads or crash reliably.

Code Examples

Vulnerable Implementation

#include <string.h>

// src is a caller-controlled, NUL-terminated string of unknown length
char dst[10];
// VULNERABLE: No checking on the source length before copying
strcpy(dst, src);

Secure Alternative

#include <stdio.h>

char dst[10];
// SECURE: Use safer alternatives with strict length limitations
// snprintf always NUL-terminates dst; a return value >= sizeof(dst) means src was truncated
snprintf(dst, sizeof(dst), "%s", src);
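The two snippets above show the unsafe copy and the bounded replacement, but not what a program should do when the input really is longer than the 10-byte buffer (the oversize case in the attack scenario). The following added example, which is not Precogs' code, compares two defensive policies for that case: refusing the copy outright, and truncating while reporting the loss. The function names copy_checked and copy_truncating, the DST_SIZE constant and the sample inputs are all constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Added example (not Precogs' code). DST_SIZE mirrors the page's
 * char dst[10]; copy_checked and copy_truncating are hypothetical names. */
#define DST_SIZE 10

/* Policy 1, reject rather than truncate: copy only if the whole source,
 * including its terminating NUL, fits in dst. Returns true on success;
 * on failure dst is set to "" so a caller never reads stale bytes. */
bool copy_checked(char *dst, size_t dst_size, const char *src)
{
    /* Bounded scan: stop at dst_size so an unterminated or huge source
     * cannot make us read arbitrarily far past the bytes we care about. */
    size_t n = 0;
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n >= dst_size) {        /* no room for src plus the NUL */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);    /* n + 1 <= dst_size, so this cannot overflow */
    return true;
}

/* Policy 2, truncate but say so: snprintf always NUL-terminates when
 * dst_size > 0 and returns the length it would have written, so a
 * return value >= dst_size means the input was cut. Returns true only
 * when nothing was lost. */
bool copy_truncating(char *dst, size_t dst_size, const char *src)
{
    int needed = snprintf(dst, dst_size, "%s", src);
    return needed >= 0 && (size_t)needed < dst_size;
}

int main(void)
{
    char dst[DST_SIZE];
    /* Constructed inputs: one that fits and one longer than 10 bytes. */
    const char *fits = "abcdefghi";                 /* 9 chars + NUL = 10 */
    const char *oversize = "AAAAAAAAAAAAAAAAAAAA";  /* 20 chars */
    bool ok;

    ok = copy_checked(dst, sizeof dst, fits);
    printf("checked(fits)      ok=%d dst=\"%s\"\n", ok, dst);
    ok = copy_checked(dst, sizeof dst, oversize);
    printf("checked(oversize)  ok=%d dst=\"%s\"\n", ok, dst);
    ok = copy_truncating(dst, sizeof dst, oversize);
    printf("truncate(oversize) ok=%d dst=\"%s\"\n", ok, dst);
    return 0;
}
```

Which policy to choose depends on the data: for an identifier or a path, silent truncation can change meaning, so rejecting is usually safer; for display text, truncation with a logged warning is often acceptable. Either way the caller learns that the input did not fit, which is the signal a detection rule or audit log can key on.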

Remediation

Ensure robust input validation, boundary checking on every copy into a fixed-size buffer, and adherence to secure architecture frameworks when designing binary SAST solutions. Use automated code scanning or binary analysis to detect these flaws early in the SDLC.