CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
Common Consequences
Scope: Other
Technical Impact: Varies by Context
Potential Mitigations
Phase: Implementation
Strategy: Input Validation
Effectiveness: High
Observed Examples
Reference: CVE-2005-0369
large ID in packet used as array index
Reference: CVE-2001-1009
negative array index as argument to POP LIST command
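The input-validation mitigation applied to the two failure shapes listed above (an oversized ID and a negative index), plus a caller-supplied offset into a buffer. This is an added example, not code from the CWE entry or from the products named in the CVEs; the 4-byte big-endian packet layout, the table, and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SLOT_COUNT 4  /* constructed table size for this example */

static const char *const slots[SLOT_COUNT] = { "alpha", "beta", "gamma", "delta" };

/* Decode a 32-bit big-endian two's-complement ID from the first 4 bytes
 * (hypothetical wire format), without relying on implementation-defined casts. */
static int32_t decode_id(const uint8_t *pkt)
{
    uint32_t u = ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
                 ((uint32_t)pkt[2] << 8)  |  (uint32_t)pkt[3];
    return (u & 0x80000000u) ? -(int32_t)(~u) - 1 : (int32_t)u;
}

/* Return the slot named by the packet's ID, or NULL when the packet is too
 * short to hold an ID, or the ID is negative or past the end of the table. */
const char *lookup_slot(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 4)
        return NULL;
    int32_t id = decode_id(pkt);
    if (id < 0 || id >= SLOT_COUNT)   /* both bounds, checked before any use */
        return NULL;
    return slots[id];
}

/* Copy n bytes starting at an untrusted offset; 0 on success, -1 if rejected. */
int read_at(const uint8_t *buf, size_t buf_len, size_t offset, size_t n,
            uint8_t *out)
{
    /* offset + n is never computed, so the check itself cannot wrap around. */
    if (offset > buf_len || n > buf_len - offset)
        return -1;
    memcpy(out, buf + offset, n);
    return 0;
}
```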
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |