Base weakness

Draft

CWE-135: Incorrect Calculation of Multi-Byte String Length

The product does not correctly calculate the length of strings that can contain wide or multi-byte characters.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

CWE-135 (Incorrect Calculation of Multi-Byte String Length) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

CWE-135: Incorrect Calculation of Multi-Byte String Length

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-135?

What CVEs are caused by CWE-135?

How do you prevent CWE-135?

How is CWE-135 detected?

What are the consequences of CWE-135?

Is CWE-135 actively exploited?

References

Stay ahead of CWE-135

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-135?

What CVEs are caused by CWE-135?

How do you prevent CWE-135?

How is CWE-135 detected?

What are the consequences of CWE-135?

Is CWE-135 actively exploited?

References

Stay ahead of CWE-135