CWE-626: Null Byte Interaction Error (Poison Null Byte)

The product does not properly handle null bytes or NUL characters when passing data between different representations or components.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

A null byte (NUL character) can have different meanings across representations or languages. For example, it is a string terminator in standard C libraries, but Perl and PHP strings do not treat it as a terminator. When two representations are crossed - such as when Perl or PHP invokes underlying C functionality - this can produce an interaction error with unexpected results. Similar issues have been reported for ASP. Other interpreters written in C might also be affected. The poison null byte is frequently useful in path traversal attacks by terminating hard-coded extensions that are added to a filename. It can play a role in regular expression processing in PHP.

CWE-626: Null Byte Interaction Error (Poison Null Byte)

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Illustrative examples

Frequently asked questions

What is CWE-626?

What CVEs are caused by CWE-626?

How do you prevent CWE-626?

How is CWE-626 detected?

What are the consequences of CWE-626?

Is CWE-626 actively exploited?

References

Stay ahead of CWE-626

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Illustrative examples

Related weaknesses

Parent

Frequently asked questions

What is CWE-626?

What CVEs are caused by CWE-626?

How do you prevent CWE-626?

How is CWE-626 detected?

What are the consequences of CWE-626?

Is CWE-626 actively exploited?

References

Stay ahead of CWE-626