Details
Alert Id 30001
Alert Type Active
Status release
Risk Medium
CWE 120
WASC 7
Technologies Targeted Language / C
Tags OWASP_2017_A01
OWASP_2021_A03

Summary

Buffer overflow errors are characterized by the overwriting of memory spaces of the background web process, which should have never been modified intentionally or unintentionally. Overwriting values of the IP (Instruction Pointer), BP (Base Pointer) and other registers causes exceptions, segmentation faults, and other process errors to occur. Usually these errors end execution of the application in an unexpected way.

Solution

Rewrite the background program using proper return length checking. This will require a recompile of the background executable.

References

Code

org/zaproxy/zap/extension/ascanrules/BufferOverflowScanRule.java