Modes of Introduction
Implementation: A typical occurrence of this weakness is when an application passes user-controlled input to a malloc() call. The related code might be correct with respect to preventing buffer overflows, but if a large value is provided, the malloc() will fail due to insufficient memory. This problem also frequently occurs when a parsing routine expects that certain elements will always be present. If malformed input is provided, the parser might return NULL. For example, strtok() can return NULL.
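The two failure paths described above (a parser returning NULL on malformed input, and malloc() returning NULL for a large user-supplied length), as an added example that is not part of the CWE entry. The helper `alloc_body`, the `MAX_BODY` cap, the error codes and the sample headers are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_BODY (1ul << 20) /* assumed policy cap on a declared length: 1 MiB */
enum { OK = 0, E_FORMAT = -1, E_BADLEN = -2, E_TOOBIG = -3, E_NOMEM = -4 };
/* Unchecked pattern this entry describes (shown as a comment, not compiled):
 *     char *v = strtok(NULL, ":");   // NULL when the separator is missing
 *     char *b = malloc(atol(v));     // NULL when the request cannot be met
 *     b[0] = '\0';                   // NULL pointer dereference
 */
/* Hypothetical helper: parse "Name: N" and allocate an N-byte body buffer.
 * Every call that can return NULL is checked before its result is used. */
int alloc_body(const char *header, char **body, size_t *len)
{
    char line[128];
    *body = NULL; *len = 0;
    if (header == NULL || strlen(header) >= sizeof line)
        return E_FORMAT;
    strcpy(line, header);               /* strtok modifies its input */
    char *name = strtok(line, ":");
    char *value = name ? strtok(NULL, ":") : NULL;
    if (value == NULL)                  /* empty line or nothing after the name */
        return E_FORMAT;
    char *end;
    errno = 0;
    unsigned long n = strtoul(value, &end, 10);
    if (end == value || *end != '\0')
        return E_BADLEN;                /* no digits, or trailing junk */
    if (errno == ERANGE || n > MAX_BODY)
        return E_TOOBIG;                /* reject before asking the allocator */
    char *buf = malloc(n + 1);
    if (buf == NULL)                    /* malloc can still fail below the cap */
        return E_NOMEM;
    memset(buf, 0, n + 1);
    *body = buf; *len = n;
    return OK;
}

int main(void)
{
    /* Constructed sample headers, not taken from any real trace. */
    const char *s[] = { "Content-Length: 5", "Content-Length 5", "Content-Length: 99999999999" };
    char *b; size_t n;
    for (size_t i = 0; i < 3; i++) {
        printf("%-28s -> %d\n", s[i], alloc_body(s[i], &b, &n));
        free(b);                        /* safe: b is NULL on every error path */
    }
    return 0;
}
```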
Applicable Platforms
Language
Name: C (Undetermined)
Name: C++ (Undetermined)
Common Consequences
Scope | Impact | Likelihood |
Availability | DoS: Crash, Exit, or Restart | |
Integrity, Confidentiality, Availability | Execute Unauthorized Code or Commands, Read Memory, Modify Memory. Note: In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution. | |
Observed Examples
Reference | Description |
| Large Content-Length value leads to NULL pointer dereference when malloc fails. |
| Large message length field leads to NULL pointer dereference when malloc fails. |
| Parsing routine encounters NULL dereference when input is missing a colon separator. |
| URI parsing API sets argument to NULL when a parsing failure occurs, such as when the Referer header is missing a hostname, leading to NULL dereference. |
| chain: unchecked return value can lead to NULL dereference |
Detection Methods
Black Box
This typically occurs in rarely-triggered error conditions, reducing the chances of detection during black box testing.
White Box
Code analysis can require knowledge of API behaviors for library functions that might return NULL, reducing the chances of detection when unknown libraries are used.
Vulnerability Mapping Notes
Rationale: This CWE entry is a named chain, which combines multiple weaknesses.
Comment: Mapping to each separate weakness in the chain would be more precise.
Submission
Name | Organization | Date | Release Date | Version |
CWE Content Team | MITRE | 2008-04-11 +00:00 | 2008-04-11 +00:00 | Draft 9 |
Modifications
Name | Organization | Date | Comment |
Sean Eidemiller | Cigital | 2008-07-01 +00:00 | added/updated demonstrative examples |
Eric Dalci | Cigital | 2008-07-01 +00:00 | updated Time_of_Introduction |
CWE Content Team | MITRE | 2008-09-08 +00:00 | updated Applicable_Platforms, Description, Detection_Factors, Relationships, Other_Notes |
CWE Content Team | MITRE | 2009-12-28 +00:00 | updated Demonstrative_Examples |
CWE Content Team | MITRE | 2010-09-27 +00:00 | updated Observed_Examples |
CWE Content Team | MITRE | 2011-06-01 +00:00 | updated Common_Consequences, Relationships, Taxonomy_Mappings |
CWE Content Team | MITRE | 2011-09-13 +00:00 | updated Relationships, Taxonomy_Mappings |
CWE Content Team | MITRE | 2014-06-23 +00:00 | updated Modes_of_Introduction, Other_Notes |
CWE Content Team | MITRE | 2017-01-19 +00:00 | updated Relationships |
CWE Content Team | MITRE | 2017-11-08 +00:00 | updated Relationships, Relevant_Properties, Taxonomy_Mappings, Time_of_Introduction |
CWE Content Team | MITRE | 2019-01-03 +00:00 | updated Relationships, Taxonomy_Mappings |
CWE Content Team | MITRE | 2020-06-25 +00:00 | updated Common_Consequences |
CWE Content Team | MITRE | 2021-03-15 +00:00 | updated Demonstrative_Examples, Relationships |
CWE Content Team | MITRE | 2023-04-27 +00:00 | updated Relationships |
CWE Content Team | MITRE | 2023-06-29 +00:00 | updated Mapping_Notes, Relationships |