Tag Archives: Position

CWE-1285 – Improper Validation of Specified Index, Position, or Offset in Input

Read Time:27 Second

Description

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-20

 

Consequences

Other: Varies by Context

 

Potential Mitigations

Phase: Implementation

Effectiveness: High

Description: 

CVE References

  • CVE-2001-1009
    • negative array index as argument to POP LIST command