CWE-170 (Improper Null Termination) — Vulnerability Class 35

35 vulnerabilities classified as CWE-170 (Improper Null Termination). AI Chinese analysis included.

CWE-170 represents a critical memory management weakness where software fails to properly terminate strings or arrays with a null character. This defect typically arises from off-by-one errors that write terminators out of bounds, causing buffer overflows, or from incorrect usage of functions like strncpy() that omit the necessary null byte. Attackers exploit these vulnerabilities to execute arbitrary code, crash applications, or bypass security controls by manipulating memory boundaries. To mitigate this risk, developers must rigorously validate buffer sizes and explicitly ensure null termination after every string operation. Utilizing safer, language-specific string handling libraries that automatically manage termination, combined with static analysis tools to detect missing terminators, significantly reduces the likelihood of introducing this dangerous flaw into production code.

MITRE CWE Description
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.
Common Consequences (4)
Confidentiality, Integrity, Availability · Read Memory, Execute Unauthorized Code or Commands
The case of an omitted null character is the most dangerous of the possible issues. This will almost certainly result in information disclosure, and possibly a buffer overflow condition, which may be exploited to execute arbitrary code.
Confidentiality, Integrity, Availability · DoS: Crash, Exit, or Restart, Read Memory, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
If a null character is omitted from a string, then most string-copying functions will read data until they locate a null character, even outside of the intended boundaries of the string. This could: cause a crash due to a segmentation fault; cause sensitive adjacent memory to be copied and sent to an…
Integrity, Availability · Modify Memory, DoS: Crash, Exit, or Restart
Misplaced null characters may result in any number of security problems. The biggest issue is a subset of buffer overflow, and write-what-where conditions, where data corruption occurs from the writing of a null character over valid data, or even instructions. A randomly placed null character may pu…
Integrity, Confidentiality, Availability, Access Control, Other · Alter Execution Logic, Execute Unauthorized Code or Commands
Should the null character corrupt the process flow, or affect a flag controlling access, it may lead to logical errors which allow for the execution of arbitrary code.
Mitigations (5)
Requirements: Use a language that is not susceptible to these issues. However, be careful of null byte interaction errors (CWE-626) with lower-level constructs that may be written in a language that is susceptible.
Implementation: Ensure that all string functions used are understood fully as to how they append null characters. Also, be wary of off-by-one errors when appending nulls to the end of strings.
Implementation: If performance constraints permit, special code can be added that validates null-termination of string buffers; this is a rather naive and error-prone solution.
Implementation: Switch to bounded string manipulation functions. Inspect buffer lengths involved in the buffer overrun trace reported with the defect.
Implementation: Add code that fills buffers with nulls (however, the length of buffers still needs to be inspected, to ensure that the non null-terminated string is not written at the physical end of the buffer).
Examples (2)
The following code reads from cfgfile into inputbuf and then copies the input into pathbuf using strcpy(). The code mistakenly assumes that inputbuf will always contain a null terminator.
    #define MAXLEN 1024
    ...
    char pathbuf[MAXLEN];
    ...
    read(cfgfile, inputbuf, MAXLEN);  // does not null terminate
    strcpy(pathbuf, inputbuf);        // requires null-terminated input
    ...
Bad · C
In the following code, readlink() expands the name of a symbolic link stored in pathname and puts the absolute path into buf. The length of the resulting value is then calculated using strlen().
    char buf[MAXPATH];
    ...
    readlink(pathname, buf, MAXPATH);
    int length = strlen(buf);
    ...
Bad · C
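
The two bad examples above share one root cause: read() and readlink() return a byte count and never write a terminator. The following is an added example, not code from MITRE or from this page; the helper names read_cstr, readlink_cstr, is_terminated and demo_read are hypothetical, and the pipe contents are constructed sample input.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* The naive check from the mitigation list: is there a '\0' within cap bytes? */
int is_terminated(const char *buf, size_t cap)
{
    return memchr(buf, '\0', cap) != NULL;
}

/* read() stores raw bytes only: reserve one byte and terminate explicitly.
 * Returns the number of bytes stored, or -1 with buf set to "". */
ssize_t read_cstr(int fd, char *buf, size_t cap)
{
    if (cap == 0) { errno = EINVAL; return -1; }
    ssize_t n = read(fd, buf, cap - 1);
    buf[n > 0 ? n : 0] = '\0';
    return n;
}

/* readlink() never terminates and truncates silently. A result equal to cap
 * means the target may not have fit, so it is reported as an error. */
ssize_t readlink_cstr(const char *path, char *buf, size_t cap)
{
    if (cap == 0) { errno = EINVAL; return -1; }
    ssize_t n = readlink(path, buf, cap);
    if (n >= 0 && (size_t)n >= cap) { errno = ENAMETOOLONG; n = -1; }
    buf[n > 0 ? n : 0] = '\0';
    return n;
}

/* Constructed input: 8 bytes without a '\0' go through a pipe into an 8-byte
 * buffer. Returns 1 if buf ends up terminated, 0 if not, -1 on I/O error. */
int demo_read(int safe)
{
    int fds[2];
    char buf[8];
    ssize_t n = -1;
    memset(buf, 'X', sizeof buf);               /* stale, non-zero contents */
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], "ABCDEFGH", 8) == 8)      /* safe == 0: raw read(), as in the first example */
        n = safe ? read_cstr(fds[0], buf, sizeof buf) : read(fds[0], buf, sizeof buf);
    close(fds[0]); close(fds[1]);
    return n < 0 ? -1 : is_terminated(buf, sizeof buf);
}

int main(void) { return (demo_read(0) == 0 && demo_read(1) == 1) ? 0 : 1; }
```

With the raw read() the buffer is full and unterminated, so a following strcpy() or strlen() would run past its end; the wrappers trade one byte of capacity for a guaranteed terminator.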
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34032 | Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) — Apache HTTP Server | 9.1 | - | 2026-05-04 |
| CVE-2026-40334 | libgphoto2 missing null termination in ptp_unpack_Canon_FE() filename buffer in ptp-pack.c — libgphoto2 | 3.5 | Low | 2026-04-17 |
| CVE-2026-33948 | jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input — jq | 9.8 | - | 2026-04-13 |
| CVE-2026-2239 | Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow — Red Hat Enterprise Linux 7 | 2.8 | Low | 2026-03-26 |
| CVE-2026-32837 | mackron / miniaudio Out-of-Bounds Read in BEXT Coding History Parsing — miniaudio | 4.0 | Medium | 2026-03-17 |
| CVE-2026-23749 | Golioth Firmware SDK < 0.22.0 Blockwise Transfer Path Out-of-Bounds Read — Firmware SDK | 2.9 | Low | 2026-02-26 |
| CVE-2025-2026 | Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series Security Vulnerability — NPort 6100-G2/6200-G2 Series | 6.5 | - | 2025-12-31 |
| CVE-2025-66220 | Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte — envoy | 5.0 | Medium | 2025-12-03 |
| CVE-2024-31197 | Improper Null Termination in libfluid_msg library — libfluid | 5.3 | Medium | 2024-09-18 |
| CVE-2024-43474 | Microsoft SQL Server Information Disclosure Vulnerability — Microsoft SQL Server 2017 (GDR) | 7.6 | High | 2024-09-10 |
| CVE-2024-45288 | Multiple vulnerabilities in libnv — FreeBSD | 8.4 AI | High AI | 2024-09-05 |
| CVE-2024-31484 | Siemens Multiple Products Security Vulnerability — CPC80 Central Processing/Communication | 7.8 | High | 2024-05-14 |
| CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability — Windows Server 2022 | 7.8 | High | 2024-03-12 |
| CVE-2023-48674 | Dell BIOS Security Vulnerability — CPG BIOS | 6.8 | Medium | 2024-03-01 |
| CVE-2023-36907 | Windows Cryptographic Services Information Disclosure Vulnerability — Windows 10 Version 1809 | 5.5 | Medium | 2023-08-08 |
| CVE-2023-36906 | Windows Cryptographic Services Information Disclosure Vulnerability — Windows 10 Version 1809 | 5.5 | Medium | 2023-08-08 |
| CVE-2023-35321 | Windows Deployment Services Denial of Service Vulnerability — Windows Server 2019 | 6.5 | Medium | 2023-07-11 |
| CVE-2023-28263 | Visual Studio Information Disclosure Vulnerability — Microsoft Visual Studio 2022 version 17.2 | 5.5 | Medium | 2023-04-11 |
| CVE-2021-31888 | Siemens Nucleus ReadyStart Buffer Error Vulnerability — APOGEE MBC (PPC) (BACnet) | 9.8 | - | 2021-11-09 |
| CVE-2021-31887 | Siemens Nucleus ReadyStart Buffer Error Vulnerability — APOGEE MBC (PPC) (BACnet) | 9.8 | - | 2021-11-09 |
| CVE-2021-31886 | Siemens Nucleus ReadyStart Buffer Error Vulnerability — APOGEE MBC (PPC) (BACnet) | 9.8 | - | 2021-11-09 |
| CVE-2021-31884 | Siemens Nucleus ReadyStart Security Vulnerability — APOGEE MBC (PPC) (BACnet) | 9.8 | - | 2021-11-09 |
| CVE-2021-1120 | Nvidia vGPU Software Security Vulnerability — NVIDIA Virtual GPU Software | 7.0 | High | 2021-10-29 |
| CVE-2021-22931 | node core Input Validation Error Vulnerability — Node | 8.8 | - | 2021-08-16 |
| CVE-2020-27736 | Multiple Siemens Products Buffer Error Vulnerability — APOGEE PXC Compact (BACnet) | 6.5 | Medium | 2021-04-22 |
| CVE-2021-1418 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities — Cisco Jabber | 9.9 | Critical | 2021-03-24 |
| CVE-2021-1417 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities — Cisco Jabber | 9.9 | Critical | 2021-03-24 |
| CVE-2021-1411 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities — Cisco Jabber | 9.9 | Critical | 2021-03-24 |
| CVE-2021-1471 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities — Cisco Jabber | 9.9 | Critical | 2021-03-24 |
| CVE-2021-1469 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities — Cisco Jabber | 9.9 | Critical | 2021-03-24 |

Vulnerabilities classified as CWE-170 (Improper Null Termination) represent 35 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.