SiteShadow
Back to vulnerability library
Detected byCWE-aware static analysisPro

CWE-787 Out-of-bounds Write

Coverage status: Background only, this CWE is in scope but has no rules in the SiteShadow rule registry. Taint and heuristic analyzers may flag related patterns; see the coverage report and known gaps for the authoritative list.

What this means

SiteShadow flagged code that may write outside the bounds of a buffer/array.

Why it matters

Out-of-bounds writes can corrupt memory and enable RCE.

Safer examples

1) Use bounds-checked containers and safe APIs

Prefer languages and libraries that prevent OOB writes.

2) Validate sizes and indices before writing

Enforce maximums and check arithmetic that computes offsets/lengths (see CWE-190).

3) Use sanitizers and fuzzing in CI

ASan/UBSan + fuzzing are extremely effective at catching these early.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.