The product uses untrusted input when calculating or using an
array index, but the product does not validate or incorrectly validates the
index to ensure the index references a valid position within the array.
Alternate Terms
out-of-bounds array index
index-out-of-range
array index underflow
Time of Introduction
Implementation
Applicable Platforms
Languages
C
C++
Common Consequences
Scope
Effect
Availability: Unchecked array indexing will very likely result in the
corruption of relevant memory and perhaps instructions, leading to a crash,
if the values are outside of the valid memory area.
Integrity: If the memory corrupted is data, rather than instructions, the
system will continue to function with improper values.
Access Control: If the memory accessible by the attacker can be effectively
controlled, it may be possible to execute arbitrary code, as with a
standard buffer overflow.
Likelihood of Exploit
Medium
Demonstrative Examples
Example 1
In the code snippet below, an unchecked integer value is used to
reference an object in an array.
product does not properly track a count and a
maximum number, which can lead to resultant array index
overflow.
Potential Mitigations
Phase
Description
Requirements specification: The choice could be made to use a language
that is not susceptible to these issues.
Implementation: Include sanity checks to ensure the validity of any values
used as index variables. In loops, use greater-than-or-equal-to, or
less-than-or-equal-to, as opposed to simply greater-than, or less-than
compare statements.
Other Notes
A single fault could allow both an overflow and underflow of the array
index.
An index overflow exploit might use buffer overflow techniques, but this
can often be exploited without having to provide "large inputs."
Array index overflows can also trigger out-of-bounds read operations, or
operations on the wrong objects; i.e., "buffer overflows" are not always the
result.
Unchecked array indexing, depending on its instantiation, can be
responsible for any number of related issues. The most prominent of these
possible flaws is the buffer overflow condition. Because of this,
consequences range from denial of service and data corruption to
full-blown arbitrary code execution. The most common situation leading
to unchecked array indexing is the use of loop index variables as buffer
indexes. If the end condition for the loop is subject to a flaw, the index
can grow or shrink unbounded, causing a buffer overflow or underflow.
Another common situation leading to this condition is the use of a
function's return value, or the result of a calculation, directly as an
index into a buffer.
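Two of the situations described above, an untrusted value used as an index and a function's return value used directly as an index, shown as an added C example that is not part of the original entry. The slot table, the hit counters and all function names are hypothetical, and the sample inputs are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NUM_SLOTS 4   /* hypothetical table, constructed for this example */
static const char *const slot_names[NUM_SLOTS] = {"alpha", "beta", "gamma", "delta"};
static unsigned hits[NUM_SLOTS];

/* Weak form, for contrast, never called: idx < 0 or idx >= NUM_SLOTS reads out of bounds. */
const char *slot_name_unchecked(int idx) { return slot_names[idx]; }

/* Hardened form: both bounds are checked before the index is used. */
const char *slot_name(long idx) {
    return (idx < 0 || idx >= NUM_SLOTS) ? NULL : slot_names[idx];
}

/* Untrusted text to index: rejects empty input, trailing junk and out-of-range longs. */
const char *slot_name_from_text(const char *text) {
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE) return NULL;
    return slot_name(v);
}

/* Returns the position of name, or -1 when it is not present. */
int find_slot(const char *name) {
    for (int i = 0; i < NUM_SLOTS; i++)
        if (strcmp(slot_names[i], name) == 0) return i;
    return -1;
}

/* Return value used as an index: -1 is rejected, otherwise hits[-1] would be written. */
int record_hit(const char *name) {
    int idx = find_slot(name);
    if (idx < 0 || idx >= NUM_SLOTS) return -1;
    hits[idx]++;
    return 0;
}

int main(void) {
    const char *inputs[] = {"2", "-1", "4", "2x"};   /* constructed samples */
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        const char *s = slot_name_from_text(inputs[i]);
        printf("%-3s -> %s\n", inputs[i], s ? s : "(rejected)");
    }
    return 0;
}
```

The lower-bound check matters as much as the upper one: with a signed index, "-1" passes an upper-bound-only test and indexes before the start of the array.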
Weakness Ordinalities
Ordinality
Description
Resultant: (where the weakness is typically related to the presence of some
other weaknesses)