Yousif D.

LinkedIn

2. CWE-787: Out-of-bounds Write

The software writes data past the end, or before the beginning, of the intended buffer. This is also known as memory corruption, and it can lead to data corruption, an application crash, or code execution.

Below is the diagram that illustrates out-of-bounds write.

[Diagram: out-of-bounds write (image not included in this extract)]
Out-of-bounds Write in Python

An out-of-bounds write is much less likely to occur in Python because of its built-in memory-safety mechanisms: sequence indexing is bounds-checked and memory is managed by the interpreter, so an out-of-range index raises an exception instead of corrupting memory. (Native extension modules written in C are still exposed to this weakness.)


Mitigation

  • Use a language that doesn't allow this weakness to occur (e.g. Python, Rust and Go).
  • Use a framework or vetted library that doesn't allow this weakness to occur (e.g. the Safe C String library).
  • Perform explicit bounds checking and prevent writing data past the allocated size.
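The third mitigation in practice, as an added example that is not part of the original article: a fixed-size buffer that carries its own capacity, with a write routine that refuses any request whose bytes would land outside the allocation. The type and function names (`bounded_buf`, `bounded_write`, the two demo drivers) are invented for this example, and the input bytes are constructed.

```c
/*
 * Added example (not from the article): a fixed-size buffer that carries its
 * own capacity so every write is bounds-checked before it touches memory.
 * Names such as bounded_buf and bounded_write are invented for this example.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAPACITY 16

typedef struct {
    uint8_t data[BUF_CAPACITY];
    size_t len;            /* bytes written so far, never above BUF_CAPACITY */
} bounded_buf;

/* Copy n bytes from src into buf at the given offset.
 * Returns false (and writes nothing) if any byte would land past the end.
 * The check is written as a subtraction so that offset + n cannot wrap
 * around in size_t and slip past the test. */
bool bounded_write(bounded_buf *buf, size_t offset, const uint8_t *src, size_t n)
{
    if (offset > BUF_CAPACITY || n > BUF_CAPACITY - offset)
        return false;
    memcpy(buf->data + offset, src, n);
    if (offset + n > buf->len)
        buf->len = offset + n;
    return true;
}

/* Drives a sequence of writes against one buffer and returns the final
 * length, which can never exceed BUF_CAPACITY. */
size_t fill_demo(void)
{
    bounded_buf buf = { {0}, 0 };
    const uint8_t chunk[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };   /* constructed input */

    bounded_write(&buf, 0, chunk, sizeof chunk);   /* fills bytes 0..7 */
    bounded_write(&buf, 8, chunk, sizeof chunk);   /* fills bytes 8..15 */
    bounded_write(&buf, 16, chunk, 1);             /* one byte past the end: refused */
    bounded_write(&buf, 9, chunk, sizeof chunk);   /* would end at byte 17: refused */
    return buf.len;
}

/* Counts how many of the classic out-of-range requests are rejected. */
int rejected_demo(void)
{
    bounded_buf buf = { {0}, 0 };
    const uint8_t byte = 0xAA;                     /* constructed input */
    int rejected = 0;

    rejected += !bounded_write(&buf, BUF_CAPACITY, &byte, 1);      /* off-by-one */
    rejected += !bounded_write(&buf, BUF_CAPACITY + 1, &byte, 0);  /* offset itself out of range */
    rejected += !bounded_write(&buf, SIZE_MAX, &byte, 1);          /* offset + n would wrap to 0 */
    rejected += !bounded_write(&buf, 0, &byte, BUF_CAPACITY + 1);  /* length larger than the buffer */
    return rejected;
}

int main(void)
{
    printf("final length: %zu (capacity %d)\n", fill_demo(), BUF_CAPACITY);
    printf("rejected out-of-range writes: %d\n", rejected_demo());
    return 0;
}
```

The subtraction form of the check matters: a naive `offset + n <= BUF_CAPACITY` passes when the sum wraps around, which is exactly the case the `SIZE_MAX` request exercises.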