CWE-787 Out-of-bounds Write
What this means
SiteShadow flagged code that may write outside the bounds of a buffer/array.
Why it matters
Out-of-bounds writes can corrupt memory and enable RCE.
- High severity: memory corruption is a common path to RCE in native code.
- Crashes and data corruption occur even when RCE isn't achievable.
Safer examples
1) Use bounds-checked containers and safe APIs
Prefer languages and libraries that prevent OOB writes.
2) Validate sizes and indices before writing
Enforce maximums and check arithmetic that computes offsets/lengths (see CWE-190).
3) Use sanitizers and fuzzing in CI
ASan/UBSan + fuzzing are extremely effective at catching these early.
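As an added illustration of item 2 (not code from SiteShadow or this page), the check below validates an untrusted offset and length before a write and does the range arithmetic without the integer overflow that CWE-190 warns about. The record framing (offset byte, length byte, payload) and the function names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RECORD_BUF_SIZE 64

/* Overflow-safe range check: true iff [off, off+len) lies inside a buffer of
   `size` bytes. Written with subtractions so off + len is never computed and
   can never wrap around (the CWE-190 trap that defeats a naive check). */
bool range_fits(size_t off, size_t len, size_t size) {
    return off <= size && len <= size - off;
}

/* Constructed framing for this example (not a real protocol): byte 0 is the
   write offset, byte 1 the payload length, bytes 2.. the payload.
   Returns 0 on success or a negative code. Dropping either check below is
   exactly the CWE-787 pattern: attacker-chosen offset/length reach memcpy. */
int write_record_checked(uint8_t *dst, size_t dst_size,
                         const uint8_t *msg, size_t msg_len) {
    if (msg_len < 2) return -1;                      /* header incomplete */
    size_t off = msg[0], len = msg[1];
    if (len > msg_len - 2) return -2;                /* payload shorter than claimed */
    if (!range_fits(off, len, dst_size)) return -3;  /* would write past dst */
    memcpy(dst + off, msg + 2, len);
    return 0;
}

int main(void) {
    uint8_t buf[RECORD_BUF_SIZE] = {0};
    /* Constructed inputs: one in-bounds record, one whose offset+length
       exceeds the 64-byte buffer, one whose claimed length exceeds the data. */
    const uint8_t ok[]    = {0x10, 0x03, 'a', 'b', 'c'};
    const uint8_t oob[]   = {0x3E, 0x04, 'd', 'e', 'a', 'd'};
    const uint8_t trunc[] = {0x00, 0x05, 'x'};
    printf("ok:    %d\n", write_record_checked(buf, sizeof buf, ok, sizeof ok));
    printf("oob:   %d\n", write_record_checked(buf, sizeof buf, oob, sizeof oob));
    printf("trunc: %d\n", write_record_checked(buf, sizeof buf, trunc, sizeof trunc));
    return 0;
}
```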
How SiteShadow detects it (high level)
- Flags unsafe write patterns and missing bounds checks.
- Prioritizes cases where write offsets/lengths are derived from untrusted inputs.
References
- CWE-787: https://cwe.mitre.org/data/definitions/787.html