MITRE
cwe.mitre.org › data › definitions › 131.html
CWE - CWE-131: Incorrect Calculation of Buffer Size (4.20)
Common Weakness Enumeration (CWE) is a list of software weaknesses.
Security Database
security-database.com › cwe.php
CWE-131 - Security Database
It allocates exactly enough space to contain the specified number of widgets, but it does not include the space for the NULL pointer. As a result, the allocated buffer is smaller than it is supposed to be. So if the user ever requests MAX_NUM_WIDGETS, there is an off-by-one buffer overflow (CWE-193) when the NULL is assigned.
MITRE
cwe.mitre.org › data › definitions › 131
CWE - CWE-131: Incorrect Calculation of Buffer Size (4.17)
Common Weakness Enumeration (CWE) is a list of software weaknesses.
CVE Details
cvedetails.com › vulnerability-list.php
Security vulnerabilities, CVEs, related to CWE-131
CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver.
GitHub
github.com › wcventure › Static-Analysis-Rules › blob › master › Summary of static analysis in C & C++ › checkingRules › error_mismatchSize_CWE131.md
Static-Analysis-Rules/Summary of static analysis in C & C++/checkingRules/error_mismatchSize_CWE131.md at master · wcventure/Static-Analysis-Rules
<error id="mismatchSize" severity="error" msg="The allocated size sz is not a multiple of the underlying type's size." verbose="The allocated size sz is not a multiple of the underlying type's size." cwe="131"/>
Author wcventure
HackerOne
hackerone.com › hacktivity › cwe_discovery
CWE-131
It looks like your JavaScript is disabled. To use HackerOne, enable JavaScript in your browser and refresh this page
aldeid
aldeid.com › wiki › CWE-SANS-Top-25 › Risky-resource-management › CWE-131
CWE-SANS-Top-25/Risky-resource-management/CWE-131 - aldeid
November 23, 2013 - Talk:CWE-SANS-Top-25/Risky-resource-management/CWE-131
CVE Details
cvedetails.com › vulnerability-list › cweid-131 › vulnerabilities.html
Security vulnerabilities, CVEs,
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries · In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit ...
CVE Details
cvedetails.com › cwe-details › 131 › Incorrect-Calculation-of-Buffer-Size.html
Incorrect Calculation of Buffer Size - CWE-131
CWE (Common weakness enumeration) 131: Incorrect Calculation of Buffer Size
Mondoo
mondoo.com › vulnerability-intelligence › cwe › CWE-131
CWE-131: Incorrect Calculation of Buffer Size
Font rendering library does not properly handle assigning a signed short value to an unsigned long (CWE-195), leading to an integer wraparound (CWE-190), causing too small of a buffer (CWE-131), leading to an out-of-bounds write (CWE-787).CVE-2020-17087
SANS Institute
sans.org › blog › top-25-series-rank-18-incorrect-calculation-of-buffer-size
SANS Institute | Top 25 Series - Rank 18 - Incorrect Calculation of Buffer Size | SANS Institute
March 19, 2010 - Incorrect Calculation of Buffer Size (CWE-131) is another shameful member in the buffer overflow family.
Top answer 1 of 3
1
Please take a look at this link https://community.veracode.com/s/question/0D53n00007YVaMrCAL/how-to-fix-flaws-for-cwe-id-113-http-response-splitting
It is likely the reason the flaw continues to be reported is because the functions you are using are not in the list of Supported Cleansing Functions, which you can find in the Help Center here: https://help.veracode.com/go/review_cleansers. For example the supported function org.owasp.encoder.Encode.forJava() would cleanse for CWE-113, as well as CWE-117, CWE-80 and CWE-93. Please note that it is important to select the appropriate cleansing function for the context.
2 of 3
0
string ReplaceHTTPRequestValue(string Value)
{
string NonCRLF = string.Empty;
foreach (char item in Value)
{
NonCRLF += item.ToString().Replace("\n", "").Replace("\r","");
}
return NonCRLF;
}
MITRE
cwe.mitre.org › data › published › cwe_v3.2.pdf pdf
CWE Version 3.2 - Common Weakness Enumeration
CWE-131: Incorrect Calculation of Buffer Size.................................................................................................
Veracode
community.veracode.com › s › topic › 0TO2T000000kHBAWA2 › cwe-113
CWE 113
How to Fix flaws for CWE ID 113 : HTTP Response Splitting.
MITRE
cwe.mitre.org › data › definitions › 113.html
CWE - CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') (4.20)
Common Weakness Enumeration (CWE) is a list of software weaknesses.
MITRE
cwe.mitre.org › data › published › cwe_v4.13.pdf pdf
CWE Version 4.13 - Common Weakness Enumeration - MITRE
CWE-131: Incorrect Calculation of Buffer Size.................................................................................................
NIST
nvd.nist.gov › vuln › categories
NVD CWE Slice
The Common Weakness Enumeration Specification (CWE) provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture. Each individual CWE represents a single vulnerability type.
SciSpace
scispace.com › pdf › a-basic-cwe-121-buffer-overflow-effectiveness-test-suite-4ihw0ish60.pdf pdf
A Basic CWE-121 Buffer Overflow Effectiveness Test Suite
classified under CWEs 120, 123, or 131. We did not · use any of them since some may not be stack-based. The SRD also has 28 moderate sized cases ex- tracted [7] from applications, such as BIND and Send- mail. We did not use these since they were much bigger. 2.3. Stage 2: Run Tools on Test Cases · While collecting cases, we identified and installed ·