Null Byte Interaction Error (Poison Null Byte)
|ID: 626||Date: (C)2012-05-14 (M)2012-11-08|
|Type: weakness||Status: DRAFT|
|Abstraction Type: Variant|
The product does not properly handle null bytes or NUL
characters when passing data between different representations or
Extended Description
A null byte (NUL character) can have different meanings across
representations or languages. For example, it is a string terminator in
standard C libraries, but Perl and PHP strings do not treat it as a
terminator. When two representations are crossed - such as when Perl or PHP
invokes underlying C functionality - this can produce an interaction error
with unexpected results. Similar issues have been reported for ASP. Other
interpreters written in C might also be affected.
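The mismatch described above, as an added example that is not part of the original entry: a counted string (the way Perl or PHP hold one) passes a length-aware check, while a C routine receiving the same bytes stops at the NUL. The struct, function names and sample file name are constructed for illustration; `strip_nul` implements the mitigation this entry lists.

```c
#include <stdio.h>
#include <string.h>

/* Counted string, as Perl or PHP hold one: the length is explicit and NUL is data. */
struct counted { const char *data; size_t len; };

/* Constructed sample input: 14 bytes with a NUL after "notes.txt". */
static struct counted sample_input(void) {
    static const char raw[] = "notes.txt\0.jpg";
    struct counted s = { raw, sizeof raw - 1 };
    return s;
}

/* Length-aware suffix check, standing in for the high-level validation. */
static int ends_with_jpg(struct counted s) {
    return s.len >= 4 && memcmp(s.data + s.len - 4, ".jpg", 4) == 0;
}

/* Length of the string a C library call would see: it stops at the first NUL. */
static size_t c_view_len(struct counted s) {
    const char *nul = memchr(s.data, '\0', s.len);
    return nul ? (size_t)(nul - s.data) : s.len;
}

/* Hardened check: reject any input on which the two views would disagree. */
static int safe_ends_with_jpg(struct counted s) {
    return c_view_len(s) == s.len && ends_with_jpg(s);
}

/* The mitigation listed in this entry: remove NUL bytes before further use.
   Returns a static, NUL-terminated copy (truncated to 63 bytes). */
static const char *strip_nul(struct counted s) {
    static char out[64];
    size_t n = 0;
    for (size_t i = 0; i < s.len && n + 1 < sizeof out; i++)
        if (s.data[i] != '\0')
            out[n++] = s.data[i];
    out[n] = '\0';
    return out;
}

int main(void) {
    struct counted s = sample_input();
    printf("counted view: %zu bytes, passes .jpg check: %d\n", s.len, ends_with_jpg(s));
    printf("C view: \"%.*s\" (%zu bytes)\n", (int)c_view_len(s), s.data, c_view_len(s));
    printf("hardened check: %d, stripped: \"%s\"\n", safe_ends_with_jpg(s), strip_nul(s));
    return 0;
}
```

After stripping, both representations hold the same bytes, so whatever check runs next validates exactly what the C layer will use.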
Applicable Platforms
- Language: PHP
- Language: Perl
- Language: ASP.NET
Time Of Introduction
|Integrity||Unexpected state|
|Implementation||Remove null bytes from all incoming strings.|
|CWE-626 ChildOf CWE-896||Category||CWE-888|
- CVE-2005-4155 : NUL byte bypasses PHP regular expression check
- CVE-2005-3153 : inserting SQL after a NUL byte bypasses whitelist regexp, enabling SQL injection
White Box Definitions None
Black Box Definitions None
- Rain Forest Puppy. "Poison NULL byte". Phrack 55.
- Brett Moore. "0x00 vs ASP file upload scripts".
- ShAnKaR. "ShAnKaR: multiple PHP application poison NULL byte"