CWE - CWE-158: Failure to Sanitize Null Byte or NUL Character (Draft 9)

Home > CWE List > CWE-158 Individual Dictionary Definition (Draft 9)

CWE List
Full Dictionary View
Classification Tree
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
CWE List
Full Dictionary View
Classification Tree
Reports
Other Items of Interest
Sources

Key
- Weakness
- Base
- Variant
- Class
- Chain
- Composite
- Category
- View
- Deprecated

CWE-158 Individual Dictionary Definition (Draft 9)

Weakness ID

Status: Incomplete

158 (Weakness Variant)

Description

Summary

NUL characters or null bytes injected into an application through input can be used to compromise a system. As data is parsed, an injected NUL character or null byte may cause the process to take unexpected actions that result in an attack.

Potential Mitigations

Developers should anticipate that null characters or null bytes will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of black lists and white lists to ensure only valid, expected and appropriate input is processed by the system.

Observed Examples

Reference	Description
CVE-2005-2008	Source code disclosure using trailing null.
CVE-2005-3293	Source code disclosure using trailing null.
CVE-2005-2061	Trailing null allows file include.
CVE-2002-1774	Null character in MIME header allows detection bypass.
CVE-2000-0149
CVE-2000-0671
CVE-2001-0738
CVE-2001-1140
CVE-2002-1031
CVE-2002-1025
CVE-2003-0768
CVE-2004-0189	Decoding function in proxy allows regular expression bypass in ACLs via URLs with null characters.
CVE-2005-3153	Null byte bypasses PHP regexp check (interaction error).
CVE-2005-4155	Null byte bypasses PHP regexp check (interaction error).

Context Notes

This can be a factor in multiple interpretation errors, other interaction errors, filename equivalence, etc.

Relationships

Nature	Type	ID	Name
ChildOf	Weakness Class	138	Failure to Sanitize Special Elements

Source Taxonomies

PLOVER - Null Character / Null Byte

Applicable Platforms

All

Time of Introduction

Implementation

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
53	Postfix, Null Terminate, and Backslash
52	Embedding NULL Bytes

Page Last Updated: April 21, 2008


	CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us