CWE-501: Trust Boundary Violation

The product mixes trusted and untrusted data in the same data structure or structured message.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

A trust boundary can be thought of as line drawn through a program. On one side of the line, data is untrusted. On the other side of the line, data is assumed to be trustworthy. The purpose of validation logic is to allow data to safely cross the trust boundary - to move from untrusted to trusted. A trust boundary violation occurs when a program blurs the line between what is trusted and what is untrusted. By combining trusted and untrusted data in the same data structure, it becomes easier for programmers to mistakenly trust unvalidated data.

CWE-501: Trust Boundary Violation

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-501?

What CVEs are caused by CWE-501?

How is CWE-501 detected?

What are the consequences of CWE-501?

Is CWE-501 actively exploited?

References

Stay ahead of CWE-501

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Related weaknesses

Parent

Peer

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-501?

What CVEs are caused by CWE-501?

How is CWE-501 detected?

What are the consequences of CWE-501?

Is CWE-501 actively exploited?

References

Stay ahead of CWE-501