Home/CAPEC/Buffer Overflow via Environment Variables
Attack Pattern

Buffer Overflow via Environment Variables

CAPEC-10 · Detailed · Draft
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the adversary finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
likelihood: High severity: High

Targets These Weaknesses (CWE)

10
The underlying weaknesses this attack pattern exploits. Follow into a CWE to see affected CVEs and its relationship tree.
CWE-118Incorrect Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-20Improper Input Validation
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-680Integer Overflow to Buffer Overflow
CWE-697Incorrect Comparison
CWE-733Compiler Optimization Removal or Modification of Security-critical Code
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-99Improper Control of Resource Identifiers ('Resource Injection')
External lookups - second-class, for what we don’t hold ourselves
MITRE CAPEC
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin