CWE-787


Verified by Precogs Threat Research
BASE SCORE
7.5 HIGH

Precogs AI Insight

"Precogs AI Binary DAST uses AI-guided fuzzing to trigger out-of-bounds writes in running binaries, identifying exploitable crash paths."

EXPLOIT PROBABILITY: High
PUBLIC POC: Available

What is CWE-787 (Out-of-bounds Write)?

Writing data past the end or before the beginning of a buffer during runtime execution. Detectable through runtime instrumentation and fuzzing of compiled binaries.

Vulnerability Insights

Out-of-bounds writes in third-party compiled binaries are a particular risk because the flaw cannot be patched at the source without vendor cooperation, and source-level scanners cannot see it at all. Organizations relying on such software need binary-level techniques (instrumented execution, fuzzing, binary static analysis) to find the crash paths, and compensating controls (stack protector, non-executable stack, ASLR, sandboxing) to reduce exploitability until a vendor fix ships.

Impact on Systems

  • Memory Corruption: overwriting adjacent variables or heap metadata, typically crashing the process and resulting in Denial of Service
  • Remote Code Execution: with a controlled overwrite of a return address or function pointer, the attacker redirects execution to injected shellcode or, where the stack is non-executable, to a return-oriented programming chain
  • Control Flow Hijacking: overwriting function pointers, vtable pointers or return addresses to change program execution without necessarily running new code

Real-World Attack Scenario

The attacker sends a crafted payload of more than 64 bytes to the application. strcpy copies until it finds a NUL terminator, so the input runs past the end of buffer and over the saved return address on the stack. When copy_data returns, the processor transfers execution to the address the attacker supplied, here the attacker's injected shellcode, resulting in remote code execution. This is the textbook form of the attack; on a modern build the attacker must additionally defeat stack canaries (which detect the overwrite before the return), a non-executable stack (which forces a ROP chain instead of shellcode) and ASLR (which hides the addresses to jump to), so those mitigations remain worthwhile even after the bug is present.

Code Examples

Vulnerable Implementation

#include <string.h>

void copy_data(const char *input) {
    char buffer[64];
    // VULNERABLE: strcpy copies until it finds the NUL terminator, so any input
    // of 64 bytes or more (63 plus the terminator is all that fits) writes past
    // the end of buffer into whatever follows it on the stack.
    strcpy(buffer, input);
}

Secure Alternative

#include <string.h>

void copy_data(const char *input) {
    char buffer[64];
    // SECURE: the copy is bounded by the destination size. strncpy does not
    // guarantee a terminator when input is too long, so one is written
    // explicitly; longer input is silently truncated, which callers must expect.
    strncpy(buffer, input, sizeof(buffer) - 1);
    buffer[sizeof(buffer) - 1] = '\0';
}
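The scenario above and the two snippets show a single fixed-size copy. Real out-of-bounds writes more often come from a parser that trusts a length field in the input. The following is an added example written for this page (not Precogs' code): a small length-prefixed record parser with the two checks each copy needs, wrapped in the libFuzzer entry point that runtime instrumentation and fuzzing drive. The record format, the NAME_MAX/PAYLOAD_MAX limits, the parse_record function and the input bytes are all constructed for the example; only the LLVMFuzzerTestOneInput convention is real.

```c
/* Added example (not Precogs' code): length-prefixed record parser with the
 * bounds checks that prevent CWE-787, plus a libFuzzer-style entry point.
 * Format, limits and inputs are constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX    16   /* assumed limit for this example */
#define PAYLOAD_MAX 64   /* assumed limit for this example */

struct record {
    uint8_t  name_len;
    char     name[NAME_MAX + 1];   /* +1 for the NUL terminator */
    uint16_t payload_len;
    uint8_t  payload[PAYLOAD_MAX];
};

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_TOO_LONG = 2 };

/* Constructed wire format:
 *   [name_len:1][name:name_len][payload_len:2 big-endian][payload:payload_len]
 * Each copy is preceded by two checks: the destination bound (prevents the
 * out-of-bounds write, CWE-787) and the source bound (prevents reading past
 * the end of the input, CWE-125). */
enum parse_status parse_record(const uint8_t *data, size_t size, struct record *out)
{
    size_t off = 0;

    if (size < 1) return PARSE_TRUNCATED;
    uint8_t name_len = data[off++];
    if (name_len > NAME_MAX)   return PARSE_TOO_LONG;   /* destination bound */
    if (size - off < name_len) return PARSE_TRUNCATED;  /* source bound */
    memcpy(out->name, data + off, name_len);
    out->name[name_len] = '\0';
    out->name_len = name_len;
    off += name_len;

    if (size - off < 2) return PARSE_TRUNCATED;
    uint16_t payload_len = (uint16_t)((data[off] << 8) | data[off + 1]);
    off += 2;
    if (payload_len > PAYLOAD_MAX) return PARSE_TOO_LONG;   /* destination bound */
    if (size - off < payload_len)  return PARSE_TRUNCATED;  /* source bound */
    memcpy(out->payload, data + off, payload_len);
    out->payload_len = payload_len;

    return PARSE_OK;
}

/* libFuzzer entry point. Build with
 *   clang -g -fsanitize=fuzzer,address parser.c
 * and the fuzzer mutates inputs into this function; any out-of-bounds write
 * inside parse_record is reported by AddressSanitizer with the faulting line.
 * With the destination checks removed, a record whose name_len exceeds
 * NAME_MAX but is backed by that many bytes writes past out->name, which
 * AddressSanitizer reports as a stack-buffer-overflow. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    struct record r;
    (void)parse_record(data, size, &r);
    return 0;
}

/* Constructed inputs exercising each path. */
static const uint8_t GOOD[]         = { 3, 'a', 'b', 'c', 0x00, 0x02, 0xde, 0xad };
static const uint8_t LONG_NAME[]    = { 200, 'x' };             /* claims a 200-byte name    */
static const uint8_t LONG_PAYLOAD[] = { 1, 'a', 0x01, 0x00 };   /* claims a 256-byte payload */
static const uint8_t SHORT[]        = { 3, 'a' };               /* name cut off              */

int main(void)
{
    struct record r;
    printf("GOOD         -> %d\n", parse_record(GOOD, sizeof GOOD, &r));
    printf("LONG_NAME    -> %d\n", parse_record(LONG_NAME, sizeof LONG_NAME, &r));
    printf("LONG_PAYLOAD -> %d\n", parse_record(LONG_PAYLOAD, sizeof LONG_PAYLOAD, &r));
    printf("SHORT        -> %d\n", parse_record(SHORT, sizeof SHORT, &r));
    return 0;
}
```

The point of returning distinct statuses is that a fuzzer finds the write only when the check is missing; with the checks in place the same inputs become ordinary rejected records, and the harness can be kept in CI so any later regression of either bound shows up as a sanitizer crash rather than a field report.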

Remediation

Use bounded copy routines (strncpy with an explicit terminator, snprintf, or memcpy after a length check) and validate every attacker-influenced length against the destination size before writing. Compile with -fstack-protector-strong and _FORTIFY_SOURCE, and link as PIE with a non-executable stack and full RELRO, so an overflow that slips through is harder to turn into code execution. Fuzz the binary under AddressSanitizer in CI so out-of-bounds writes surface as crashes early in the SDLC rather than in production; for third-party binaries without source, apply the same fuzzing and binary analysis before deployment.