
Description

The product does not properly handle null bytes or NUL characters when passing data between different representations or components.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-147
CWE-436

Consequences

Integrity: Unexpected State

Potential Mitigations

Phase: Implementation

Description: Remove null bytes from all incoming strings.

CVE References

  • CVE-2005-3153
    • inserting SQL after a NUL byte bypasses allowlist regexp, enabling SQL injection
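
The mismatch behind the CVE entry above, as an added example that is not part of the CWE entry: an allowlist check that reads the input as a NUL-terminated C string stops validating at the embedded NUL, while a length-counted check and the mitigation of removing NUL bytes both expose the unchecked tail. The function names, the allowlist and the sample input are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Allowlist shared by both checks (assumed for this example). */
static const char ALLOWED[] = "abcdefghijklmnopqrstuvwxyz0123456789_";

/* Constructed input: 22 bytes with a NUL after "guest". */
static const char SAMPLE[] = "guest\0' unchecked tail";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

/* Weak: treats the data as a C string, so validation ends at the first
   NUL even though the caller holds len bytes. */
int allowlist_cstring(const char *buf, size_t len) {
    (void)len;
    return buf[strspn(buf, ALLOWED)] == '\0';
}

/* Length-aware: every one of the len bytes must be on the allowlist.
   NUL is not in the searched range, so an embedded NUL is rejected. */
int allowlist_counted(const char *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (memchr(ALLOWED, buf[i], sizeof ALLOWED - 1) == NULL)
            return 0;
    return 1;
}

/* The page's mitigation: remove NUL bytes in place, return the new length. */
size_t strip_nul(char *buf, size_t len) {
    size_t out = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] != '\0')
            buf[out++] = buf[i];
    return out;
}

int main(void) {
    char buf[sizeof SAMPLE];
    memcpy(buf, SAMPLE, sizeof SAMPLE);
    printf("C-string check, raw input:   %d\n", allowlist_cstring(buf, SAMPLE_LEN));
    printf("counted check, raw input:    %d\n", allowlist_counted(buf, SAMPLE_LEN));
    size_t n = strip_nul(buf, SAMPLE_LEN);
    buf[n] = '\0'; /* terminate so the C-string check sees all n bytes */
    printf("C-string check, after strip: %d\n", allowlist_cstring(buf, n));
    return 0;
}
```

Stripping NUL bytes has to happen before validation, so that the validator and every later component see the same bytes.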