CWE-170β€”Improper Null Termination

PUBLISHEDweakness recordMedium
released 2006-07-19 Β· last modified 2023-06-29

Metadata

CWE ID:
CWE-170
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2006-07-19
Latest Modification Date:
2023-06-29

Weakness Name

Improper Null Termination

Description

The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.

Common Consequences

Scope:
Confidentiality, Integrity, Availability
Impact:
Read Memory, Execute Unauthorized Code or Commands
Notes:
The case of an omitted null character is the most dangerous of the possible issues. This will almost certainly result in information disclosure, and possibly a buffer overflow condition, which may be exploited to execute arbitrary code.
Scope:
Confidentiality, Integrity, Availability
Impact:
DoS: Crash, Exit, or Restart, Read Memory, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Notes:
If a null character is omitted from a string, then most string-copying functions will read data until they locate a null character, even outside of the intended boundaries of the string. This could: cause a crash due to a segmentation fault cause sensitive adjacent memory to be copied and sent to an outsider trigger a buffer overflow when the copy is being written to a fixed-size buffer.
Scope:
Integrity, Availability
Impact:
Modify Memory, DoS: Crash, Exit, or Restart
Notes:
Misplaced null characters may result in any number of security problems. The biggest issue is a subset of buffer overflow, and write-what-where conditions, where data corruption occurs from the writing of a null character over valid data, or even instructions. A randomly placed null character may put the system into an undefined state, and therefore make it prone to crashing. A misplaced null character may corrupt other data in memory.
Scope:
Integrity, Confidentiality, Availability, Access Control, Other
Impact:
Alter Execution Logic, Execute Unauthorized Code or Commands
Notes:
Should the null character corrupt the process flow, or affect a flag controlling access, it may lead to logical errors which allow for the execution of arbitrary code.

Related Weaknesses