CWE

Unchecked Input for Loop Condition

ID: 606
Date: (C)2012-05-14   (M)2012-11-08
Type: weakness
Status: DRAFT
Abstraction Type: Base





Description

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping.

Applicable Platforms
None

Time Of Introduction

  • Implementation

Common Consequences

| Scope | Technical Impact | Notes |
|---|---|---|
| Availability | DoS: resource consumption (CPU) | |

Detection Methods
None

Potential Mitigations

| Phase | Strategy | Description | Effectiveness | Notes |
|---|---|---|---|---|
| Implementation | | Do not use user-controlled data for loop conditions. | | |
| Implementation | | Perform input validation. | | |
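
The two mitigations above, shown as an added example in C that is not part of the CWE entry: the first function uses the caller's count directly as the loop bound, the second parses it strictly and rejects anything outside an application limit. `MAX_ITERATIONS`, the function names and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ITERATIONS 1000L   /* assumed application limit, not from the entry */

/* Weak form: the input is the loop bound as-is. "4000000000" is accepted, and
 * strtoul() turns "-1" into ULONG_MAX, so the sender decides the CPU cost. */
unsigned long process_unchecked(const char *count_str)
{
    unsigned long n = strtoul(count_str, NULL, 10), done = 0;
    for (unsigned long i = 0; i < n; i++)
        done++;                            /* stand-in for per-item work */
    return done;
}

/* Strict parse: whole string must be a decimal number in 0..MAX_ITERATIONS.
 * Returns 0 and stores the bound in *out, or -1 if the input is rejected. */
int parse_loop_bound(const char *count_str, long *out)
{
    char *end;
    errno = 0;
    long n = strtol(count_str, &end, 10);
    if (end == count_str || *end != '\0')  /* empty input or trailing junk */
        return -1;
    if (errno == ERANGE || n < 0 || n > MAX_ITERATIONS)
        return -1;
    *out = n;
    return 0;
}

/* Hardened form: the loop only ever runs with a validated bound. */
long process_checked(const char *count_str)
{
    long n, done = 0;
    if (parse_loop_bound(count_str, &n) != 0)
        return -1;                         /* refuse instead of looping */
    for (long i = 0; i < n; i++)
        done++;
    return done;
}

int main(void)
{
    const char *samples[] = { "10", "1001", "-1", "12abc" };  /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s -> %ld\n", samples[i], process_checked(samples[i]));
    return 0;
}
```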
 
  

Relationships

| Related CWE | Type | View | Chain |
|---|---|---|---|
| CWE-606 ChildOf CWE-896 | Category | CWE-888 | |

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

| Taxonomy | Id | Name | Fit |
|---|---|---|---|
| Anonymous Tool Vendor (under NDA) | | | |
| CERT C Secure Coding | INT03-C | Use a secure integer library | |
| CERT C++ Secure Coding | INT03-CPP | Use a secure integer library | |

References:

  1. Mark Dowd, John McDonald, Justin Schuh. The Art of Software Security Assessment, 1st Edition. Addison Wesley. Section: Chapter 7, "Looping Constructs", Page 327. Published 2006.

© 2013 SecPod Technologies