CWE-158 Individual Dictionary Definition (Draft 9)

| Weakness ID | 158 (Weakness Variant), Status: Incomplete |
|---|---|
| Description | Summary: NUL characters or null bytes injected into an application through input can be used to compromise a system. As data is parsed, an injected NUL character or null byte may cause the process to take unexpected actions that result in an attack. |
| Potential Mitigations | Developers should anticipate that null characters or null bytes will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of black lists and white lists to ensure only valid, expected and appropriate input is processed by the system. |
| Observed Examples | |
| Context Notes | This can be a factor in multiple interpretation errors, other interaction errors, filename equivalence, etc. |
| Relationships | |
| Source Taxonomies | PLOVER - Null Character / Null Byte |
| Applicable Platforms | All |
| Time of Introduction | Implementation |

Related Attack Patterns

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 53 | Postfix, Null Terminate, and Backslash |
| 52 | Embedding NULL Bytes |
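
The mitigation and context notes above, as an added example that is not part of the CWE entry: a length-aware validator in C that rejects embedded NUL bytes before applying an allow list, and a helper showing how the length-aware view and the NUL-terminated view of the same input differ (the multiple interpretation case). The function names, the permitted character set and the sample input are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum name_status { NAME_OK, NAME_EMPTY, NAME_HAS_NUL, NAME_BAD_CHAR, NAME_BAD_EXT };

/* Constructed sample: 14 input bytes with a NUL byte at offset 9. */
static const char SAMPLE[] = "notes.txt\0.png";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

/* Allow list (an assumption for this example): ASCII letters, digits, '_', '-', '.'. */
static int allowed_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
}

/* Number of bytes a NUL-terminated string API would see in buf[0..len). */
size_t cstring_view_len(const char *buf, size_t len)
{
    const char *nul = memchr(buf, '\0', len);
    return nul ? (size_t)(nul - buf) : len;
}

/* Validate a name received as (buffer, length); len comes from the transport, not strlen(). */
enum name_status validate_name(const char *buf, size_t len, const char *ext)
{
    size_t ext_len = strlen(ext);

    if (len == 0)
        return NAME_EMPTY;
    /* Deny step: the two views must agree, so any embedded NUL is rejected. */
    if (cstring_view_len(buf, len) != len)
        return NAME_HAS_NUL;
    /* Allow step: every byte must belong to the permitted set. */
    for (size_t i = 0; i < len; i++)
        if (!allowed_char((unsigned char)buf[i]))
            return NAME_BAD_CHAR;
    /* Extension check runs only on input both views interpret identically. */
    if (len <= ext_len || memcmp(buf + len - ext_len, ext, ext_len) != 0)
        return NAME_BAD_EXT;
    return NAME_OK;
}

int main(void)
{
    printf("declared length %zu, C-string view %zu, status %d\n", SAMPLE_LEN,
           cstring_view_len(SAMPLE, SAMPLE_LEN), (int)validate_name(SAMPLE, SAMPLE_LEN, ".png"));
    return 0;
}
```

Rejecting the input is preferable to stripping the NUL and continuing, because removal changes what the later checks see.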