Unchecked Input for Loop Condition
ID: 606 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The product does not properly check inputs that are used for
loop conditions, potentially leading to a denial of service because of excessive
looping.
Applicable Platforms
None
Time Of Introduction
Common Consequences
Scope | Technical Impact | Notes |
---|
Availability | DoS: resource consumption (CPU) | |
Detection Methods
None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|
Implementation | | Do not use user-controlled data for loop conditions. | | |
Implementation | | Perform input validation. | | |
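The two mitigations above, shown in C as an added example that is not part of the CWE entry: a loop whose bound comes straight from input, beside a form that validates the count first. The function names, the `MAX_ROUNDS` limit and the per-round arithmetic are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ROUNDS 10000L  /* assumed per-request work limit */

/* Weak form (CWE-606): the parsed value is the loop bound, unchecked.
 * "4000000000" costs billions of rounds, and strtoul() accepts "-1"
 * by wrapping it to ULONG_MAX instead of reporting an error. */
unsigned long process_unchecked(const char *input) {
    unsigned long rounds = strtoul(input, NULL, 10);
    unsigned long acc = 0;
    for (unsigned long i = 0; i < rounds; i++)
        acc = acc * 31u + i;           /* stand-in for real per-round work */
    return acc;
}

/* Returns 0 and stores the count in *out only when the whole string is
 * a decimal number in [0, MAX_ROUNDS]; returns -1 otherwise. */
int parse_rounds(const char *input, long *out) {
    char *end;
    errno = 0;
    long v = strtol(input, &end, 10);
    if (end == input || *end != '\0') return -1;  /* empty or trailing junk */
    if (errno == ERANGE) return -1;               /* does not fit in long */
    if (v < 0 || v > MAX_ROUNDS) return -1;       /* outside the work limit */
    *out = v;
    return 0;
}

/* Hardened form: validate first, so the loop never exceeds MAX_ROUNDS. */
int process_checked(const char *input, unsigned long *result) {
    long rounds;
    if (parse_rounds(input, &rounds) != 0) return -1;
    unsigned long acc = 0;
    for (long i = 0; i < rounds; i++)
        acc = acc * 31u + (unsigned long)i;
    *result = acc;
    return 0;
}

int main(int argc, char **argv) {
    unsigned long r;
    if (argc != 2 || process_checked(argv[1], &r) != 0) {
        fputs("rejected: count must be 0..10000\n", stderr);
        return 1;
    }
    printf("%lu\n", r);
    return 0;
}
```

The limit belongs next to the loop it protects: a range check applied to the signed result of `strtol()` catches negative and oversized counts that a check on an unsigned conversion would miss.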
Relationships
Related CWE | Type | View | Chain |
---|
CWE-606 ChildOf CWE-896 | Category | CWE-888 | |
Demonstrative Examples
None
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|
Anonymous Tool Vendor (under NDA) | | | |
CERT C Secure Coding | INT03-C | Use a secure integer library | |
CERT C++ Secure Coding | INT03-CPP | Use a secure integer library | |
References:
- Mark Dowd, John McDonald, Justin Schuh. The Art of Software Security Assessment, 1st Edition. Addison Wesley. Section: 'Chapter 7, "Looping Constructs", Page 327.' Published in 2006.