CWE-129 Individual Dictionary Definition (Draft 9)

| Weakness ID | 129 (Weakness Base) |
|---|---|
| Status | Draft |
| Description | Summary: Unchecked array indexing occurs when an unchecked value is used as an index into a buffer. |
| Alternate Terms | "out-of-bounds array index" or "index-out-of-range" or "array index underflow" |
| Likelihood of Exploit | Medium |
| Weakness Ordinality | Resultant (Weakness is typically related to the presence of some other weaknesses) |
| Causal Nature | Explicit (This is an explicit weakness resulting from behavior of the developer) |
| Affected Resource | Memory |
| Common Consequences | Availability: Unchecked array indexing will very likely result in the corruption of relevant memory and perhaps instructions, leading to a crash, if the values are outside of the valid memory area. |
| | Integrity: If the memory corrupted is data, rather than instructions, the system will continue to function with improper values. |
| | Access Control: If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. |
| Potential Mitigations | Requirements specification: The choice could be made to use a language that is not susceptible to these issues. |
| | Implementation: Include sanity checks to ensure the validity of any values used as index variables. In loops, use greater-than-or-equal-to, or less-than-or-equal-to, as opposed to simply greater-than, or less-than compare statements. |
| Observed Examples | CVE-2005-0369: large ID in packet used as array index |
| | CVE-2001-1009: negative array index as argument to POP LIST command |
| | CVE-2003-0721: Integer signedness error leads to negative array index |
| | CVE-2004-1189: product does not properly track a count and a maximum number, which can lead to resultant array index overflow. |
| Context Notes | A single fault could allow both an overflow and underflow of the array index. |
| | An index overflow exploit might use buffer overflow techniques, but this can often be exploited without having to provide "large inputs." |
| | Array index overflows can also trigger out-of-bounds read operations, or operations on the wrong objects; i.e., "buffer overflows" are not always the result. |
| | Unchecked array indexing, depending on its instantiation, can be responsible for any number of related issues. Most prominent of these possible flaws is the buffer overflow condition. Due to this fact, consequences range from denial of service and data corruption to full-blown arbitrary code execution. The most common situation leading to unchecked array indexing is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, therefore causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function's return value, or the resulting value of a calculation, directly as an index into a buffer. |
| Relationships | |
| Source Taxonomies | CLASP - Unchecked array indexing |
| | PLOVER - INDEX - Array index overflow |
| Applicable Platforms | C, C++ |
| Time of Introduction | Implementation |
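
The sanity checks named under Potential Mitigations, applied to the situations listed in the Context Notes (an index taken from input, a calculated index, and a loop index). This is an added example, not part of the CWE entry; the table contents, the two-byte packet layout and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 8u
static const uint16_t table[TABLE_LEN] = {100, 101, 102, 103, 104, 105, 106, 107};

/* Unchecked pattern, for contrast only (never called below): a signed byte
 * from the packet indexes the table, so 0x7f lands past the end and 0xff
 * (-1) lands before the start. One fault, both directions. */
uint16_t lookup_unchecked(const signed char *pkt) { return table[pkt[0]]; }

/* Signed index, e.g. a return value or calculation result: test both sides. */
int get_at(long idx, uint16_t *out)
{
    if (out == NULL || idx < 0 || (unsigned long)idx >= TABLE_LEN)
        return -1;
    *out = table[idx];
    return 0;
}

/* Packet-driven range read. Assumed layout: pkt[0] = first index,
 * pkt[1] = entry count. Returns entries copied, or -1 if rejected. */
int lookup_checked(const uint8_t *pkt, size_t pkt_len, uint16_t *out, size_t out_cap)
{
    if (pkt == NULL || out == NULL || pkt_len < 2)
        return -1;
    size_t first = pkt[0];              /* unsigned read: cannot go negative */
    size_t count = pkt[1];
    if (first >= TABLE_LEN)             /* index itself must be in range */
        return -1;
    if (count > TABLE_LEN - first)      /* first + count checked without wraparound */
        return -1;
    if (count > out_cap)                /* destination has its own bound */
        return -1;
    for (size_t i = 0; i < count; i++)  /* loop bound already validated above */
        out[i] = table[first + i];
    return (int)count;
}

int main(void)
{
    const uint8_t ok[] = {6, 2}, big_id[] = {200, 1}, past_end[] = {6, 3}; /* constructed */
    uint16_t out[TABLE_LEN];
    printf("%d %d %d\n", lookup_checked(ok, 2, out, TABLE_LEN),
           lookup_checked(big_id, 2, out, TABLE_LEN),
           lookup_checked(past_end, 2, out, TABLE_LEN));
    return 0;
}
```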