CWE-135

Incorrect Calculation of Multi-Byte String Length

Abstraction: Base
Status: Draft

Description

The product does not correctly calculate the length of strings that can contain wide or multi-byte characters.

Parent Weaknesses (ChildOf)

Common Consequences

Scope: Integrity, Confidentiality, Availability
Impact: Execute Unauthorized Code or Commands

Scope: Availability, Confidentiality
Impact: Read Memory; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)

Scope: Confidentiality
Impact: Read Memory

Potential Mitigations

Phase: Implementation
Always verify the length of the string unit character.

Phase: Implementation
Use each length-computing function (e.g. strlen, wcslen, etc.) with its equivalent type (e.g. byte, wchar_t, etc.).
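
The mitigations above, as an added example that is not part of the CWE entry: wcslen() returns a count of wchar_t units, so any byte size handed to malloc() or memcpy() must be scaled by sizeof(wchar_t). All function names here are hypothetical.

```c
/* Added example (not from the CWE entry); function names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Flawed sizing, shown for contrast only: wcslen() counts wchar_t units,
   not bytes, so this under-allocates by a factor of sizeof(wchar_t). */
size_t wide_size_flawed(const wchar_t *s) {
    return wcslen(s) + 1;
}

/* Correct sizing: (units + terminator) * unit width, with an overflow
   check. Returns 0 if the byte count would not fit in size_t. */
size_t wide_size_bytes(const wchar_t *s) {
    size_t units = wcslen(s);
    if (units >= SIZE_MAX / sizeof(wchar_t))
        return 0;
    return (units + 1) * sizeof(wchar_t);
}

/* Duplicate a wide string using the byte count above. Caller frees. */
wchar_t *wide_dup(const wchar_t *s) {
    size_t bytes = wide_size_bytes(s);
    if (bytes == 0)
        return NULL;
    wchar_t *copy = malloc(bytes);
    if (copy != NULL)
        memcpy(copy, s, bytes);   /* includes the terminating L'\0' */
    return copy;
}

/* Bounded copy into a fixed buffer. Capacity is given in wchar_t units
   (sizeof(buf) / sizeof(buf[0])), not in bytes (sizeof(buf)).
   Returns 0 on success, -1 if the source does not fit. */
int wide_copy_bounded(wchar_t *dst, size_t dst_units, const wchar_t *src) {
    size_t units = wcslen(src);
    if (dst_units == 0 || units >= dst_units)
        return -1;
    memcpy(dst, src, (units + 1) * sizeof(wchar_t));
    return 0;
}
```

Passing sizeof(buf) instead of the unit count as dst_units would reintroduce the weakness, because the check would then accept strings up to sizeof(wchar_t) times larger than the buffer.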

Applicable Platforms

C
C++
