Scope | Impact | Likelihood |
---|---|---|
Integrity | Technical Impact: Modify Application Data Generally this error will cause the data structure to not work properly by truncating the data. |
Phases: Implementation; Architecture and Design
Phase: Implementation
Phase: Architecture and Design
Phase: Operation
Nature | Type | ID | Name |
---|---|---|---|
ChildOf | ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. | 138 | Improper Neutralization of Special Elements |
PeerOf | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 170 | Improper Null Termination |
PeerOf | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 463 | Deletion of Data Structure Sentinel |
Nature | Type | ID | Name |
---|---|---|---|
MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 137 | Data Neutralization Issues |
Phase | Note |
---|---|
Implementation |
Languages
C (Undetermined Prevalence)
C++ (Undetermined Prevalence)
Example 1
The following example assigns some character values to a list of characters and prints them each individually, and then as a string. The third character value is intended to be an integer taken from user input and converted to an int.
The first print statement will print each character separated by a space. However, if a non-integer is read from stdin by getc, then atoi will not make a conversion and return 0. When foo is printed as a string, the 0 at character foo[2] will act as a NULL terminator and foo[3] will never be printed.
Nature | Type | ID | Name |
---|---|---|---|
MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 741 | CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR) |
MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 875 | CERT C++ Secure Coding Section 07 - Characters and Strings (STR) |
MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 977 | SFP Secondary Cluster: Design |
MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 1407 | Comprehensive Categorization: Improper Neutralization |
Usage: ALLOWED
Reason: Acceptable-Use
Rationale:
This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comments:
Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
CLASP | Addition of data-structure sentinel | ||
CERT C Secure Coding | STR03-C | Do not inadvertently truncate a null-terminated byte string | |
CERT C Secure Coding | STR06-C | Do not assume that strtok() leaves the parse string unchanged |
Submissions | |||
---|---|---|---|
Submission Date | Submitter | Organization | |
2006年07月19日 (CWE Draft 3, 2006年07月19日) | CLASP | ||
Modifications | |||
Modification Date | Modifier | Organization | |
2008年07月01日 | Eric Dalci | Cigital | |
updated Time_of_Introduction | |||
2008年09月08日 | CWE Content Team | MITRE | |
updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings | |||
2008年11月24日 | CWE Content Team | MITRE | |
updated Relationships, Taxonomy_Mappings | |||
2009年07月27日 | CWE Content Team | MITRE | |
updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships | |||
2011年06月01日 | CWE Content Team | MITRE | |
updated Common_Consequences | |||
2011年06月27日 | CWE Content Team | MITRE | |
updated Common_Consequences | |||
2011年09月13日 | CWE Content Team | MITRE | |
updated Relationships, Taxonomy_Mappings | |||
2012年05月11日 | CWE Content Team | MITRE | |
updated Relationships | |||
2012年10月30日 | CWE Content Team | MITRE | |
updated Potential_Mitigations | |||
2014年07月30日 | CWE Content Team | MITRE | |
updated Relationships | |||
2017年11月08日 | CWE Content Team | MITRE | |
updated Demonstrative_Examples, Likelihood_of_Exploit, Taxonomy_Mappings | |||
2020年02月24日 | CWE Content Team | MITRE | |
updated References, Relationships | |||
2023年04月27日 | CWE Content Team | MITRE | |
updated Relationships, Time_of_Introduction | |||
2023年06月29日 | CWE Content Team | MITRE | |
updated Mapping_Notes | |||
Previous Entry Names | |||
Change Date | Previous Entry Name | ||
2008年04月11日 | Addition of Data-structure Sentinel | ||
Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2024, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.