Integer Overflow occurs when an arithmetic operation attempts to create a numeric value that exceeds the maximum limit of the data type used to store it. Similarly, Integer Wraparound happens when the numeric value “wraps around”, cycling back to the minimum limit.
CWE-119 pertains to scenarios where software operations exceed the allocated memory buffer’s boundaries, leading to buffer overflows. This flaw can result in various adverse consequences, including data corruption, application crashes, and security vulnerabilities exploitable by attackers. A buffer overflow occurs when data written to a memory buffer exceeds its storage capacity, potentially overwriting adjacent memory locations.
At its core, SSRF arises when an attacker can manipulate a server to send HTTP requests to arbitrary destinations, often bypassing firewalls, access controls, and other security measures. The vulnerability stems from improper validation of user-supplied URLs or inputs that dictate server-side request behaviour.
CWE-863: Incorrect Authorisation occurs when an application fails to enforce correct authorisation measures, allowing unauthorised users or processes to access resources, perform operations, or retrieve data that should be off-limits. It is sometimes conflated with authentication flaws, but the essence of CWE-863 lies in improper or missing checks that would otherwise confirm if a user has the necessary permissions to perform a specific action.
From a technical standpoint, one might imagine an application employing robust identity verification (authentication) only to overlook critical checks about what a user is allowed to do once logged in (authorisation). This oversight can be the gateway to data leaks, privilege escalation, or even sabotage of core business processes.
Improper input validation occurs when a software application fails to verify that input received is within the expected range, format, type, or value before processing. This weakness paves the way for a variety of security exploits, including injection attacks, buffer overflows, and data manipulation, which can compromise application functionality and user data.