V-222612
Application Security and Development Security Technical Implementation Guide
Title
The application must not be vulnerable to overflow attacks.
Description
A buffer overflow occurs when a program writes more data to a buffer than the buffer was allocated to hold. A buffer is a sequential section of memory, and when data is written outside its bounds, the program can crash or malicious code can be executed. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can either be hardware-enforced or software-enforced with hardw...
Fix Text (Documentation Requirement)
Design the application to use a language or compiler that performs automatic bounds checking. Use an abstraction library to abstract away risky APIs. Use compiler-based canary mechanisms such as StackGuard, ProPolice, and the Microsoft Visual Studio/GS flag. Use OS-level preventative functionality and control user input validation. Patch applications when overflows are identified in vendor products.
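The "abstraction library" item in the fix text, sketched in C as an added example (not part of the STIG): a small wrapper that keeps each buffer together with its capacity and refuses any write that does not fit. The names `bounded_buf`, `bb_init`, `bb_append` and `bb_append_str` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical wrapper: a buffer that always travels with its capacity,
 * so callers never pass a bare char* to strcpy()/strcat()/sprintf(). */
typedef struct {
    char  *data;
    size_t cap;  /* bytes of storage, including room for the NUL */
    size_t len;  /* bytes in use, excluding the NUL */
} bounded_buf;

/* Bind caller-owned storage to the wrapper and start with an empty string. */
void bb_init(bounded_buf *b, char *storage, size_t cap)
{
    b->data = storage;
    b->cap  = (storage != NULL) ? cap : 0;
    b->len  = 0;
    if (b->cap > 0)
        b->data[0] = '\0';
}

/* Append n bytes from src. Returns 0 on success, -1 if the data does not
 * fit. Nothing is written on failure: no overflow and no silent truncation. */
int bb_append(bounded_buf *b, const char *src, size_t n)
{
    if (b == NULL || src == NULL || b->cap == 0)
        return -1;
    /* Compare against remaining space by subtraction; "len + n + 1 > cap"
     * could wrap around for a huge n and pass the check. */
    if (n > b->cap - 1 - b->len)
        return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Convenience form for NUL-terminated input. */
int bb_append_str(bounded_buf *b, const char *s)
{
    return (s != NULL) ? bb_append(b, s, strlen(s)) : -1;
}
```

Callers treat a -1 return as a validation failure and reject the input; the wrapper complements, and does not replace, the compiler canaries and OS-level protections listed above.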