Details
Alert Id 30001
Alert Type Active Scan Rule
Status release
Risk Medium
CWE 120
WASC 7

Summary

Buffer overflow errors are characterized by the overwriting of memory spaces of the background web process, which should have never been modified intentionally or unintentionally. Overwriting values of the IP (Instruction Pointer), BP (Base Pointer) and other registers causes exceptions, segmentation faults, and other process errors to occur. Usually these errors end execution of the application in an unexpected way.

Solution

Rewrite the background program using proper return length checking. This will require a recompile of the background executable.

References

Code

org/zaproxy/zap/extension/ascanrules/BufferOverflowScanRule.java