Details
Alert ID 30001
Alert Type Active
Status release
Risk Medium
CWE 120
WASC 7
Technologies Targeted Language / C
Tags CWE-120
OWASP_2017_A01
OWASP_2021_A03
POLICY_API
More Info Scan Rule Help

Summary

Buffer overflow errors are characterized by the overwriting of memory spaces of the background web process, which should have never been modified intentionally or unintentionally. Overwriting values of the IP (Instruction Pointer), BP (Base Pointer) and other registers causes exceptions, segmentation faults, and other process errors to occur. Usually these errors end execution of the application in an unexpected way.

Solution

Rewrite the background program using proper return length checking. This will require a recompile of the background executable.

Other Info

Potential Buffer Overflow. The script closed the connection and threw a 500 Internal Server Error.

References

Code

org/zaproxy/zap/extension/ascanrules/BufferOverflowScanRule.java