Read Time:27 Second
Description
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Other: Varies by Context
Potential Mitigations
Phase: Implementation
Effectiveness: High
Description:
CVE References
- CVE-2005-0369
- large ID in packet used as array index
- CVE-2001-1009
- negative array index as argument to POP LIST command