
CWE-129: Unchecked Array Indexing

Status: Draft
Weakness ID: 129 (Weakness Base)
+ Description
Summary

Unchecked array indexing occurs when an unchecked value is used as an index into a buffer.

+ Alternate Terms
out-of-bounds array index
index-out-of-range
array index underflow
+ Time of Introduction
* Implementation
+ Applicable Platforms
Languages
C
C++
+ Common Consequences
Availability

Unchecked array indexing will very likely result in the corruption of relevant memory and perhaps instructions, leading to a crash, if the values are outside of the valid memory area.

Integrity

If the memory corrupted is data, rather than instructions, the system will continue to function with improper values.

Access Control

If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow.

+ Likelihood of Exploit

Medium

+ Demonstrative Examples

In the code snippet below, an unchecked integer value is used to reference an object in an array.

Java Example:
public String getValue(int index) {
    // index is used as-is: neither the lower nor the upper bound is checked
    return array[index];
}
+ Observed Examples
Reference | Description
 | negative array index as argument to POP LIST command
 | Integer signedness error leads to negative array index
 | product does not properly track a count and a maximum number, which can lead to resultant array index overflow.
 | large ID in packet used as array index
+ Potential Mitigations

Requirements specification: The choice could be made to use a language that is not susceptible to these issues.

Implementation

Include sanity checks to ensure the validity of any values used as index variables. In loops, use greater-than-or-equal-to, or less-than-or-equal-to, as opposed to simply greater-than, or less-than compare statements.
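
The sanity check described above, shown in C as an added example that is not part of the CWE entry. It contrasts an upper-bound-only test, which accepts a negative index, with a check of both bounds applied before any array access. The table, its size and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 8   /* constructed table size for this example */

static const char *const handlers[TABLE_LEN] = {
    "noop", "open", "read", "write", "close", "stat", "list", "quit"
};

/* Weak check: only the upper bound is tested, so a negative index is
 * accepted. It reports the decision only and never indexes the table. */
int weak_check_accepts(int index)
{
    return index < TABLE_LEN;
}

/* Hardened check: both bounds are tested on the signed value. */
int index_in_range(long index, size_t len)
{
    return index >= 0 && (unsigned long)index < len;
}

/* Checked accessor: returns NULL instead of reading outside the table.
 * The caller must handle NULL. */
const char *get_handler(long index)
{
    if (!index_in_range(index, TABLE_LEN))
        return NULL;
    return handlers[index];
}

/* An ID from untrusted input (for example a 16-bit packet field) is
 * validated before it is ever used as an index. */
const char *handler_for_packet_id(uint16_t id)
{
    return get_handler((long)id);
}

int main(void)
{
    long samples[] = { -1, 0, 7, 8, 65535 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *h = get_handler(samples[i]);
        printf("%ld -> %s (weak check accepts: %d)\n", samples[i],
               h ? h : "rejected", weak_check_accepts((int)samples[i]));
    }
    return 0;
}
```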

+ Other Notes

A single fault could allow both an overflow and underflow of the array index.

An index overflow exploit might use buffer overflow techniques, but this can often be exploited without having to provide "large inputs."

Array index overflows can also trigger out-of-bounds read operations, or operations on the wrong objects; i.e., "buffer overflows" are not always the result.

Unchecked array indexing, depending on its instantiation, can be responsible for any number of related issues. Most prominent of these possible flaws is the buffer overflow condition. Due to this fact, consequences range from denial of service and data corruption to full-blown arbitrary code execution. The most common situation leading to unchecked array indexing is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, therefore causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function's return value, or the resulting value of a calculation, directly as an index into a buffer.

+ Weakness Ordinalities
Resultant (where the weakness is typically related to the presence of some other weaknesses)
+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | Development Concepts (primary) 699; Research Concepts (primary) 1000
ChildOf | Category | 189 | Numeric Errors | Development Concepts 699
ChildOf | Category | 633 | Weaknesses that Affect Memory | Resource-specific Weaknesses (primary) 631
ChildOf | Category | 738 | CERT C Secure Coding Section 04 - Integers (INT) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734
ChildOf | Category | 740 | CERT C Secure Coding Section 06 - Arrays (ARR) | Weaknesses Addressed by the CERT C Secure Coding Standard 734
PeerOf | Weakness Base | 124 | Boundary Beginning Violation ('Buffer Underwrite') | Research Concepts 1000
+ Affected Resources
* Memory
+ Causal Nature
Explicit (an explicit weakness resulting from behavior of the developer)
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Mapped Node Name
CLASP | | Unchecked array indexing
PLOVER | | INDEX - Array index overflow
CERT C Secure Coding | ARR00-C | Understand how arrays work
CERT C Secure Coding | ARR30-C | Guarantee that array indices are within the valid range
CERT C Secure Coding | ARR38-C | Do not add or subtract an integer to a pointer if the resulting value does not refer to a valid array element
CERT C Secure Coding | INT32-C | Ensure that operations on signed integers do not result in overflow
+ Content History
Submissions
CLASP. (Externally Mined)
Modifications
Sean Eidemiller. Cigital. 2008-07-01. (External)
added/updated demonstrative examples
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities
CWE Content Team. MITRE. 2008-11-24. (Internal)
updated Relationships, Taxonomy_Mappings
CWE Content Team. MITRE. 2009-01-12. (Internal)
updated Common_Consequences
Page Last Updated: May 26, 2009