Null Byte Interaction Error (Poison Null Byte)
Description The product does not properly handle null bytes or NUL characters when passing data between different representations or components. Extended DescriptionA null byte (NUL character) can have different meanings across representations or languages. For example, it is a string terminator in standard C libraries, but Perl and PHP strings do not treat it as a terminator. When two representations are crossed - such as when Perl or PHP invokes underlying C functionality - this can produce an interaction error with unexpected results. Similar issues have been reported for ASP. Other interpreters written in C might also be affected. Applicable PlatformsLanguage: PHPLanguage: PerlLanguage: ASP.NET Time Of Introduction
Common Consequences
Detection MethodsNone Potential Mitigations
Relationships
Demonstrative ExamplesNone Observed Examples
White Box Definitions None Black Box Definitions None Taxynomy MappingsNone References:
|