CWE-626: Null Byte Interaction Error (Poison Null Byte)

Variant Draft Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The product does not properly handle null bytes or NUL characters when passing data between different representations or components.

常见后果

影响范围: Integrity

技术影响: Unexpected State

潜在缓解措施

阶段: Implementation

描述: Remove null bytes from all incoming strings.

观察示例

参考: CVE-2005-4155

NUL byte bypasses PHP regular expression check

参考: CVE-2005-3153

inserting SQL after a NUL byte bypasses allowlist regexp, enabling SQL injection

引入模式

阶段 说明
Implementation -

适用平台

编程语言
PHP (Undetermined) Perl (Undetermined) ASP.NET (Undetermined)
关键信息

CWE ID: CWE-626

抽象级别: Variant

结构: Simple

状态: Draft

相关弱点
ChildOf CWE-147

Improper Neutralization of Input Terminators

Variant
ChildOf CWE-436

Interpretation Conflict

Class
返回列表