BF Specification of CVE-2018-14557

Erroneous declaration of the 's' object leads to a wrong type (char instead of an array of chars), allowing a pointer reposition over its bounds, which, when used in 'sprintf()' leads to stack buffer overflow. If exploited, this can lead to denial of service.



Bug ReportCode with BugCode with FixNVD Entry
DCLAn object, a function, a type, or a namespace is declared or defined improperly.
MADThe pointer to an object is initialized, repositioned, or reassigned to an improper memory address.
MUSAn object is initialized, read, written, or cleared improperly.
DeclareSpecify the name and type of an object; the name, return type, and parameters of a function; or the name and type parameters of a type.
RepositionChange the pointer to another position inside its object.
WriteChange the data value of an object to another meaningful value.
Code Defect BugThe operation has a bug, which is the first cause for the chain of weaknesses underlying a software security vulnerability. The bug must be fixed to resolve the vulnerability.
   Erroneous CodeThe operation implementation has a bug.
TypeThe set or range of allowed values is wrong or the operations allowed on them are wrong.
   Wrong TypeA data type range or structure is not correct.
Address Error/FaultThe object address in use is wrong.
   Over Bounds PointerPoints above the upper boundary of its object.
Memory Corruption/Disclosure Final ErrorAn exploitable or undefined system behavior caused by memory addressing, allocation, use, and deallocation bugs.
   Buffer OverflowWrites above the upper bound of an object -- aka Buffer Over-Write.
Operation AttributeDefinition
MechanismShows how the buggy/faulty operation code is performed.
   SequentialThe operation is performed after iterating over the object elements.
Source CodeShows where the buggy/faulty operation code is in the program -- in what kind of software.
   CodebaseThe operation is in the programmer's code - in the application itself.
Execution SpaceShows where the buggy/faulty operation code is running or with what privilege level).
   Bare-MetalThe bugged code runs in an environment without privilege control. Usually, the program is the only software running and has total access to the hardware.
Operand AttributeDefinition
Name KindShows what the entity with this name is.
   Data TypeA set of allowed values and the operations allowed over them.
Type KindShows what the data type composition is.
   PrimitiveA scalar data type that mimics the hardware units - e.g., int (long, short, signed), float, double, string, Boolean. A primitive data type is only language defined and is not built from other data types.
Address StateShows where the address is in the memory layout.
   StackThe object is a non-static local variable (defined in a function, a passed parameter, or a function return address).
Size KindShows what the limit for traversal of the object is.
   ActualThe real size of an object.