CWE-129: Improper Validation of Array Index

 
Improper Validation of Array Index
Weakness ID: 129 (Weakness Base)
Status: Draft
+ Description

Description Summary

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
+ Alternate Terms
out-of-bounds array index
index-out-of-range
array index underflow
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

C

C++

+ Common Consequences
Scope: Availability
Effect: Unchecked array indexing will very likely result in the corruption of relevant memory and perhaps instructions, leading to a crash, if the values are outside of the valid memory area.

Scope: Integrity
Effect: If the memory corrupted is data, rather than instructions, the system will continue to function with improper values.

Scope: Access Control
Effect: If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow.

+ Likelihood of Exploit

Medium

+ Demonstrative Examples

Example 1

In the code snippet below, an unchecked integer value is used to reference an object in an array.

(Bad Code)
Java
public String getValue(int index) {
    // index comes from the caller and is used without a bounds check
    return array[index];
}
+ Observed Examples
Reference: Description
CVE-2005-0369: large ID in packet used as array index
CVE-2001-1009: negative array index as argument to POP LIST command
CVE-2003-0721: Integer signedness error leads to negative array index
CVE-2004-1189: product does not properly track a count and a maximum number, which can lead to resultant array index overflow.
+ Potential Mitigations
Phase: Description

Requirements specification: The choice could be made to use a language that is not susceptible to these issues.

Implementation: Include sanity checks to ensure the validity of any values used as index variables. In loops, use greater-than-or-equal-to, or less-than-or-equal-to, as opposed to simply greater-than, or less-than compare statements.

+ Other Notes

A single fault could allow both an overflow and underflow of the array index.

An index overflow exploit might use buffer overflow techniques, but this can often be exploited without having to provide "large inputs."

Array index overflows can also trigger out-of-bounds read operations, or operations on the wrong objects; i.e., "buffer overflows" are not always the result.

Unchecked array indexing, depending on its instantiation, can be responsible for any number of related issues. The most prominent of these possible flaws is the buffer overflow condition. As a result, consequences range from denial of service and data corruption to full-blown arbitrary code execution. The most common situation leading to unchecked array indexing is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function's return value, or the result of a calculation, directly as an index into a buffer.
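An added example (not part of the CWE entry), written in C as one of the listed languages, showing how a check that tests only the upper bound lets a negative index through and what a check on both bounds looks like. The handler table, the one-byte message format and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define N_HANDLERS 4
static const char *const handlers[N_HANDLERS] = {"login", "list", "fetch", "quit"};

/* Weak check: only the upper bound of a signed index is tested.
 * Returns 1 when the check would let the index through. */
int upper_bound_only_accepts(int index) {
    return index < N_HANDLERS;              /* -1 passes: index underflow */
}

/* Full check: reject negatives first, then compare against the length. */
int index_is_valid(long index, size_t len) {
    return index >= 0 && (unsigned long)index < len;
}

/* Constructed message format (assumption): byte 0 carries the handler id.
 * Reading it through a signed char reproduces a signedness error:
 * 0xFF becomes -1 on the usual two's-complement targets. */
int id_from_packet_signed(const unsigned char *pkt) {
    return (signed char)pkt[0];
}

/* Hardened lookup: check the packet length, read the id as unsigned,
 * and test the upper bound before the array is touched. */
const char *handler_for_packet(const unsigned char *pkt, size_t pkt_len) {
    if (pkt == NULL || pkt_len < 1)
        return NULL;
    size_t id = pkt[0];                     /* unsigned: cannot underflow */
    if (id >= N_HANDLERS)
        return NULL;                        /* rejects the large-id case */
    return handlers[id];
}

int main(void) {
    const unsigned char samples[][1] = {{0x02}, {0x04}, {0xFF}};  /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int sid = id_from_packet_signed(samples[i]);
        const char *h = handler_for_packet(samples[i], 1);
        printf("byte 0x%02X: signed id %d, weak check %s, full check %s, handler %s\n",
               samples[i][0], sid,
               upper_bound_only_accepts(sid) ? "accepts" : "rejects",
               index_is_valid(sid, N_HANDLERS) ? "accepts" : "rejects",
               h ? h : "(none)");
    }
    return 0;
}
```
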

+ Weakness Ordinalities
Ordinality: Description
Resultant: (where the weakness is typically related to the presence of some other weaknesses)
+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 20 | Improper Input Validation | Development Concepts (primary) 699; Research Concepts (primary) 1000
CanPrecede | Weakness Class | 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | Research Concepts 1000
ChildOf | Category | 189 | Numeric Errors | Development Concepts 699
ChildOf | Category | 633 | Weaknesses that Affect Memory | Resource-specific Weaknesses (primary) 631
ChildOf | Category | 738 | CERT C Secure Coding Section 04 - Integers (INT) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734
ChildOf | Category | 740 | CERT C Secure Coding Section 06 - Arrays (ARR) | Weaknesses Addressed by the CERT C Secure Coding Standard 734
CanPrecede | Weakness Variant | 789 | Uncontrolled Memory Allocation | Research Concepts 1000
PeerOf | Weakness Base | 124 | Buffer Underwrite ('Buffer Underflow') | Research Concepts 1000
+ Affected Resources
  • Memory
+ Causal Nature

Explicit

+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
CLASP | | | Unchecked array indexing
PLOVER | | | INDEX - Array index overflow
CERT C Secure Coding | ARR00-C | | Understand how arrays work
CERT C Secure Coding | ARR30-C | | Guarantee that array indices are within the valid range
CERT C Secure Coding | ARR38-C | | Do not add or subtract an integer to a pointer if the resulting value does not refer to a valid array element
CERT C Secure Coding | INT32-C | | Ensure that operations on signed integers do not result in overflow
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
 | CLASP | | Externally Mined

Modifications
Modification Date | Modifier | Organization | Source | Change
2008-07-01 | Sean Eidemiller | Cigital | External | added/updated demonstrative examples
2008-09-08 | CWE Content Team | MITRE | Internal | updated Alternate Terms, Applicable Platforms, Common Consequences, Relationships, Other Notes, Taxonomy Mappings, Weakness Ordinalities
2008-11-24 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy Mappings
2009-01-12 | CWE Content Team | MITRE | Internal | updated Common Consequences
2009-10-29 | CWE Content Team | MITRE | Internal | updated Description, Name, Relationships
Page Last Updated: October 29, 2009