Security News > 2021 > September > 2021’s Most Dangerous Software Weaknesses

Saryu Nayyar, CEO at Gurucul, peeks into Mitre's list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers.

Without a way to look into memory, or create illegal commands, and interpret the results in terms of an attack, they are limited in their ability to identify security vulnerabilities.

If an attacker is in possession of a specific memory address within an executable application, he can use it to enter values or commands that exceed the size of that memory space.

If developers haven't limited variable lengths, an overrun can allow an attacker to write malicious code directly into application memory.

If an attacker has managed to get the memory address, he can gain access to the free memory list, and insert malicious software into free memory.

Further, the memory isn't wiped clean when it is returned to the free memory list, enabling attackers to read the contents of that memory.

News URL

https://threatpost.com/2021-angerous-software-weaknesses/169458/