CWE-170Improper Null Termination

PUBLISHEDweakness recordMedium
released 2006-07-19 · last modified 2023-06-29

Metadata

CWE ID:
CWE-170
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2006-07-19
更新日期:
2023-06-29

名称

Improper Null Termination

描述

The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.

常见后果

范围:
Confidentiality, Integrity, Availability
影响:
Read Memory, Execute Unauthorized Code or Commands
注释:
The case of an omitted null character is the most dangerous of the possible issues. This will almost certainly result in information disclosure, and possibly a buffer overflow condition, which may be exploited to execute arbitrary code.
范围:
Confidentiality, Integrity, Availability
影响:
DoS: Crash, Exit, or Restart, Read Memory, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
注释:
If a null character is omitted from a string, then most string-copying functions will read data until they locate a null character, even outside of the intended boundaries of the string. This could: cause a crash due to a segmentation fault cause sensitive adjacent memory to be copied and sent to an outsider trigger a buffer overflow when the copy is being written to a fixed-size buffer.
范围:
Integrity, Availability
影响:
Modify Memory, DoS: Crash, Exit, or Restart
注释:
Misplaced null characters may result in any number of security problems. The biggest issue is a subset of buffer overflow, and write-what-where conditions, where data corruption occurs from the writing of a null character over valid data, or even instructions. A randomly placed null character may put the system into an undefined state, and therefore make it prone to crashing. A misplaced null character may corrupt other data in memory.
范围:
Integrity, Confidentiality, Availability, Access Control, Other
影响:
Alter Execution Logic, Execute Unauthorized Code or Commands
注释:
Should the null character corrupt the process flow, or affect a flag controlling access, it may lead to logical errors which allow for the execution of arbitrary code.

相关 CWE