Null-terminated byte strings are, by definition, null-terminated. String operations cannot determine the length or end of strings that are not properly null-terminated, which can consequently result in buffer overflows and other undefined behavior.
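The following added example (not part of the original page) shows how `strncpy()` leaves a destination unterminated when the source is at least as long as the buffer, next to a copy routine that always terminates. The function names `is_terminated`, `copy_unchecked` and `copy_terminated` and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if buf contains a null terminator within its first size bytes. */
int is_terminated(const char *buf, size_t size) {
    return memchr(buf, '\0', size) != NULL;
}

/* Noncompliant pattern: strncpy() writes no terminator when
 * strlen(src) >= size. Returns whether dst ended up terminated. */
int copy_unchecked(char *dst, size_t size, const char *src) {
    strncpy(dst, src, size);
    return is_terminated(dst, size);
}

/* Compliant pattern: copy at most size - 1 bytes, then terminate.
 * Returns 0 on success, 1 if src was truncated, -1 if size is 0. */
int copy_terminated(char *dst, size_t size, const char *src) {
    size_t n;
    if (size == 0)
        return -1;              /* no room even for the terminator */
    n = strlen(src);
    if (n >= size)
        n = size - 1;           /* reserve the last byte for '\0' */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return strlen(src) >= size ? 1 : 0;
}

int main(void) {
    const char *input = "0123456789abcdef";  /* constructed sample, 16 chars */
    char a[8], b[8];
    int rc;

    memset(a, 'X', sizeof a);
    memset(b, 'X', sizeof b);

    /* a is only inspected with memchr(); passing it to strlen() or
     * printf("%s") here would read past the end of the array. */
    printf("unchecked copy terminated: %d\n",
           copy_unchecked(a, sizeof a, input));

    rc = copy_terminated(b, sizeof b, input);
    printf("terminated copy rc=%d, string=\"%s\"\n", rc, b);
    return 0;
}
```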


Exception

An exception to this rule applies if the intent of the programmer is to convert a null-terminated byte string to a character array. To be compliant with this standard, this intent must be clearly stated in comments.

Priority: P12 Level: L1

Failure to properly null-terminate null-terminated byte strings can result in buffer overflows and the execution of arbitrary code by an attacker with the permissions of the vulnerable process.

| Component | Value |
|---|---|
| Severity | 3 (high) |
| Likelihood | 2 (probable) |
| Remediation cost | 2 (medium) |
