CWE-120 Buffer Overflow
Coverage status: Background only, this CWE is in scope but has no rules in the SiteShadow rule registry. Taint and heuristic analyzers may flag related patterns; see the coverage report and known gaps for the authoritative list.
What this means
SiteShadow flagged code where input could exceed the size of a fixed buffer (classic buffer overflow).
Why it matters
Buffer overflows can lead to crashes or code execution.
- RCE risk in native code paths.
- DoS via crashes when malformed inputs are processed.
Safer examples
1) Use bounds-checked operations
Prefer safe string/array APIs that require explicit sizes and check bounds.
2) Enforce input size limits early
Reject oversized inputs before parsing, decoding, or copying (see INPUT01/02, CWE-400).
3) Use fuzzing and sanitizers for native code
Fuzzers + ASan catch buffer overflows reliably during testing.
How SiteShadow detects it (high level)
- Flags unsafe copy patterns and missing bounds checks.
- Prioritizes parsing/decoding code fed by untrusted input.
References
- CWE-120: https://cwe.mitre.org/data/definitions/120.html
---
← Back to Vulnerability Library
Catch this with SiteShadow Pro.
This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.