UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6165 APP3590 SV-6165r2_rule DCSQ-1 High
Description
Buffer overflow attacks occur when improperly validated input is passed to an application overwriting of memory. Usually, buffer overflow errors stop execution of the application causing a minimum of denial of service and possibly a system call to a command shell giving the attacker access to the underlying operating system.
STIG Date
Application Security and Development Checklist 2014-12-22

Details

Check Text ( C-3049r3_chk )
Ask the application representative for code review or scan results from the entire application. This can be provided as results from an automated code review or a vulnerability scanning tool. See section 5.4 of the Application Security and Development STIG for additional details on code review and tools.

If the results are provided from a manual code review, the results will need to describe how buffer overflow vulnerabilities and functions vulnerable to buffer overflows are identified during code reviews.

1) If scan results are provided and buffer overflow vulnerabilities have been identified in the report, this is a finding.

2) If scan results are provided but do not include the scan configuration settings which show that the application was tested for buffer overflows, this is a finding.

3) If manual test results are provided and the report does not confirm the lack of buffer overflows and also describe how buffer overflows and functions vulnerable to buffer overflows are identified during the code review, this is a finding.


*Note: For IPV6 capable applications, check existing libraries to ensure they are capable of processing the increased size of IPv6 addresses to avoid buffer overflows.
Fix Text (F-17110r1_fix)
Modify the application to protect against buffer overflows vulnerabilities.