CWE-170: Improper Null Termination

ID CWE-170

Abstraction Base

Structure Simple

Status Incomplete

Number of CVEs 26

The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.

Modes of Introduction

Phase	Note
Implementation

Applicable Platforms

Type	Class	Name	Prevalence
Language		C
Language		C++

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-707	Improper Neutralization	Pillar	Simple	Incomplete
CWE-1000	Research Concepts	Draft	CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')	Base	Simple	Incomplete
CWE-1000	Research Concepts	Draft	CWE-126	Buffer Over-read	Variant	Simple	Draft
CWE-1000	Research Concepts	Draft	CWE-147	Improper Neutralization of Input Terminators	Variant	Simple	Draft
CWE-1000	Research Concepts	Draft	CWE-464	Addition of Data Structure Sentinel	Base	Simple	Incomplete
CWE-1000	Research Concepts	Draft	CWE-463	Deletion of Data Structure Sentinel	Base	Simple	Incomplete
CWE-700	Seven Pernicious Kingdoms	Incomplete	CWE-20	Improper Input Validation	Class	Simple	Stable

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date