Null Byte Interaction Error (Poison Null Byte)
Weakness ID: 626 (Weakness Variant) Status: Draft
The product does not properly handle null bytes or NUL characters when passing data between different representations or components.
A null byte (NUL character) can have different meanings across representations or languages. For example, it is a string terminator in standard C libraries, but Perl and PHP strings do not treat it as a terminator. When two representations are crossed - such as when Perl or PHP invokes underlying C functionality - this can produce an interaction error with unexpected results. Similar issues have been reported for ASP. Other interpreters written in C might also be affected.
Time of Introduction
Technical Impact: Unexpected state
CVE-2005-4155 NUL byte bypasses PHP regular expression
CVE-2005-3153 inserting SQL after a NUL byte bypasses whitelist regexp, enabling SQL injection
Remove null bytes from all incoming strings.
The poison null byte is frequently useful in path traversal attacks by
terminating hard-coded extensions that are added to a filename. It can play
a role in regular expression processing in PHP.
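
The C sketch below is an added example, not part of the CWE entry. It models a length-counted string (as Perl or PHP would hold it) next to the view a C library routine gets, shows the embedded-NUL check that detects the mismatch behind the hard-coded-extension case, and implements the "remove null bytes" mitigation. The `struct counted` type, the function names and the sample filename are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical counted string: length is stored apart from the bytes. */
struct counted { const char *bytes; size_t len; };

/* Suffix check as the higher-level layer sees it: over all len bytes. */
static int counted_ends_with(struct counted s, const char *suffix) {
    size_t n = strlen(suffix);
    return s.len >= n && memcmp(s.bytes + s.len - n, suffix, n) == 0;
}

/* Length as a C library routine sees it: stops at the first NUL. */
static size_t c_visible_len(struct counted s) {
    const char *nul = memchr(s.bytes, '\0', s.len);
    return nul ? (size_t)(nul - s.bytes) : s.len;
}

/* Detection: the two views disagree exactly when a NUL is embedded. */
static int has_embedded_nul(struct counted s) {
    return c_visible_len(s) != s.len;
}

/* Mitigation: copy s into out (capacity cap) without NUL bytes, then
   terminate. Returns the new length, or (size_t)-1 if out is too small. */
static size_t strip_nul(struct counted s, char *out, size_t cap) {
    size_t j = 0;
    if (cap == 0) return (size_t)-1;
    for (size_t i = 0; i < s.len; i++) {
        if (s.bytes[i] == '\0') continue;
        if (j + 1 >= cap) return (size_t)-1;
        out[j++] = s.bytes[i];
    }
    out[j] = '\0';
    return j;
}

/* Constructed sample: input "notes.cfg\0" with hard-coded ".txt" appended. */
static const char SAMPLE[] = "notes.cfg\0.txt";
static struct counted sample(void) {
    struct counted s = { SAMPLE, sizeof SAMPLE - 1 };
    return s;
}

int main(void) {
    struct counted s = sample();
    char clean[32];
    printf("counted len=%zu ends .txt=%d, C sees \"%s\" (len %zu), embedded NUL=%d\n",
           s.len, counted_ends_with(s, ".txt"), s.bytes, c_visible_len(s), has_embedded_nul(s));
    if (strip_nul(s, clean, sizeof clean) != (size_t)-1) printf("stripped: %s\n", clean);
    return 0;
}
```

Rejecting input for which `has_embedded_nul` is true is a stricter alternative to stripping. Either way, the check belongs before the value crosses into C-backed functionality.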
There are not many CVE examples, because the poison NULL byte is
a design limitation, which typically is not included in CVE by itself;
it is typically used as a facilitator manipulation to widen the scope
of potential attacks against other vulnerabilities.
Current (2007) usage of "poison null byte" is typically related to this
C/Perl/PHP interaction error, but the original term in 1998 was applied to
an off-by-one buffer overflow involving a null byte.
the weakness exists independent of other weaknesses)
Modifications
Modification Date | Modifier | Organization | Source | Change
2008-07-01 | Eric Dalci | Cigital | External | updated Time_of_Introduction
2008-09-08 | CWE Content Team | MITRE | Internal | updated Applicable_Platforms, Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities
2011-03-29 | CWE Content Team | MITRE | Internal | updated Other_Notes
2011-06-01 | CWE Content Team | MITRE | Internal | updated Common_Consequences
2011-06-27 | CWE Content Team | MITRE | Internal | updated Common_Consequences
2012-05-11 | CWE Content Team | MITRE | Internal | updated Relationships
2012-10-30 | CWE Content Team | MITRE | Internal | updated Potential_Mitigations