CWE-626: Null Byte Interaction Error (Poison Null Byte)
ID
CWE-626
Abstraction
Variant
Structure
Simple
Status
Draft
Number of CVEs
3
The product does not properly handle null bytes or NUL characters when passing data between different representations or components.
A null byte (NUL character) can have different meanings across representations or languages. For example, it is a string terminator in standard C libraries, but Perl and PHP strings do not treat it as a terminator. When two representations are crossed - such as when Perl or PHP invokes underlying C functionality - this can produce an interaction error with unexpected results. Similar issues have been reported for ASP. Other interpreters written in C might also be affected.
The poison null byte is frequently useful in path traversal attacks by terminating hard-coded extensions that are added to a filename. It can play a role in regular expression processing in PHP.
Modes of Introduction
Phase | Note |
---|---|
Implementation |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | PHP | ||
Language | Perl | ||
Language | ASP.NET |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...