目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CWE-170 不恰当的空终结符 类漏洞列表 35

CWE-170 不恰当的空终结符 类弱点 35 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-170 属于字符串或数组未正确终止空字符的漏洞。攻击者常利用此缺陷,通过缓冲区溢出或构造畸形输入,导致程序崩溃或执行任意代码。开发者应避免使用不安全的字符串处理函数,确保在复制数据时严格检查边界,并显式添加终止符,从而防止越界写入或截断错误,保障内存安全。

MITRE CWE 官方描述
CWE:CWE-170 Improper Null Termination 英文:The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.
常见影响 (4)
Confidentiality, Integrity, AvailabilityRead Memory, Execute Unauthorized Code or Commands
The case of an omitted null character is the most dangerous of the possible issues. This will almost certainly result in information disclosure, and possibly a buffer overflow condition, which may be exploited to execute arbitrary code.
Confidentiality, Integrity, AvailabilityDoS: Crash, Exit, or Restart, Read Memory, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
If a null character is omitted from a string, then most string-copying functions will read data until they locate a null character, even outside of the intended boundaries of the string. This could: cause a crash due to a segmentation fault cause sensitive adjacent memory to be copied and sent to an…
Integrity, AvailabilityModify Memory, DoS: Crash, Exit, or Restart
Misplaced null characters may result in any number of security problems. The biggest issue is a subset of buffer overflow, and write-what-where conditions, where data corruption occurs from the writing of a null character over valid data, or even instructions. A randomly placed null character may pu…
Integrity, Confidentiality, Availability, Access Control, OtherAlter Execution Logic, Execute Unauthorized Code or Commands
Should the null character corrupt the process flow, or affect a flag controlling access, it may lead to logical errors which allow for the execution of arbitrary code.
缓解措施 (5)
RequirementsUse a language that is not susceptible to these issues. However, be careful of null byte interaction errors (CWE-626) with lower-level constructs that may be written in a language that is susceptible.
ImplementationEnsure that all string functions used are understood fully as to how they append null characters. Also, be wary of off-by-one errors when appending nulls to the end of strings.
ImplementationIf performance constraints permit, special code can be added that validates null-termination of string buffers, this is a rather naive and error-prone solution.
ImplementationSwitch to bounded string manipulation functions. Inspect buffer lengths involved in the buffer overrun trace reported with the defect.
ImplementationAdd code that fills buffers with nulls (however, the length of buffers still needs to be inspected, to ensure that the non null-terminated string is not written at the physical end of the buffer).
代码示例 (2)
The following code reads from cfgfile and copies the input into inputbuf using strcpy(). The code mistakenly assumes that inputbuf will always contain a NULL terminator.
#define MAXLEN 1024 ... char *pathbuf[MAXLEN]; ... read(cfgfile,inputbuf,MAXLEN); //does not null terminate strcpy(pathbuf,inputbuf); //requires null terminated input ...
Bad · C
In the following code, readlink() expands the name of a symbolic link stored in pathname and puts the absolute path into buf. The length of the resulting value is then calculated using strlen().
char buf[MAXPATH]; ... readlink(pathname, buf, MAXPATH); int length = strlen(buf); ...
Bad · C
CVE ID标题CVSS风险等级Published
CVE-2020-14323 Samba 代码问题漏洞 — Samba 5.5 -2020-10-29
CVE-2020-7066 PHP 安全漏洞 — PHP 5.3 Medium2020-04-01
CVE-2019-11044 PHP 安全漏洞 — PHP 3.7 Low2019-12-23
CVE-2019-11045 PHP 注入漏洞 — PHP 3.7 Low2019-12-23
CVE-2019-8275 UltraVNC 安全漏洞 — UltraVNC 9.8 -2019-03-09

CWE-170(不恰当的空终结符) 是常见的弱点类别,本平台收录该类弱点关联的 35 条 CVE 漏洞。