logo

CWE-626 - Null Byte Interaction Error (Poison Null Byte)

CWE-626

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Null Byte Interaction Error (Poison Null Byte)

Description

The product does not properly handle null bytes or NUL characters when passing data between different representations or components.

A null byte (NUL character) can have different meanings across representations or languages. For example, it is a string terminator in standard C libraries, but Perl and PHP strings do not treat it as a terminator. When two representations are crossed - such as when Perl or PHP invokes underlying C functionality - this can produce an interaction error with unexpected results. Similar issues have been reported for ASP. Other interpreters written in C might also be affected. The poison null byte is frequently useful in path traversal attacks by terminating hard-coded extensions that are added to a filename. It can play a role in regular expression processing in PHP.

Common Consequences

Scope: Integrity

Impact: Unexpected State

Related Weaknesses
  • Release Date:
  • 2007-05-07
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website