Description
The product does not properly handle null bytes or NUL characters when passing data between different representations or components.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Integrity: Unexpected State
Potential Mitigations
Phase: Implementation
Description:
Remove null bytes from all incoming strings.
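The mismatch described above, as an added example that is not part of the original entry: a check that reads its input as a C string stops at the first NUL, while a length-counted view of the same buffer still contains the bytes after it. The function names and the sample input are constructed for illustration; `strip_nul` applies the mitigation listed here.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Weak check: treats the input as a C string, so it stops at the first NUL
   and never inspects the bytes that follow it. */
static int allowlist_cstr(const char *s) {
    for (; *s; s++)
        if (!isalnum((unsigned char)*s)) return 0;
    return 1;
}

/* Length-aware check: inspects every byte of the counted buffer, so an
   embedded NUL (which is not alphanumeric) causes rejection. */
static int allowlist_counted(const char *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (!isalnum((unsigned char)buf[i])) return 0;
    return 1;
}

/* Mitigation from this entry: remove NUL bytes in place, return new length. */
static size_t strip_nul(char *buf, size_t len) {
    size_t out = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] != '\0') buf[out++] = buf[i];
    return out;
}

/* Constructed sample: 5 allowed bytes, a NUL, then bytes outside the allowlist. */
static const char SAMPLE[] = "alice\0; extra";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* Returns 1 when the two representations disagree about the same input. */
static int representations_disagree(void) {
    return allowlist_cstr(SAMPLE) && !allowlist_counted(SAMPLE, SAMPLE_LEN);
}

/* After stripping, both views see the same bytes and both checks reject. */
static int rejected_after_strip(void) {
    char copy[sizeof(SAMPLE)];
    memcpy(copy, SAMPLE, sizeof(SAMPLE));
    size_t n = strip_nul(copy, SAMPLE_LEN);
    copy[n] = '\0';
    return n == SAMPLE_LEN - 1 && !allowlist_cstr(copy) && !allowlist_counted(copy, n);
}

int main(void) {
    return (representations_disagree() && rejected_after_strip()) ? 0 : 1;
}
```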
CVE References
- CVE-2005-4155: NUL byte bypasses PHP regular expression check
- CVE-2005-3153: inserting SQL after a NUL byte bypasses allowlist regexp, enabling SQL injection