CWE-626
Null Byte Interaction Error (Poison Null Byte)
Description
The product does not properly handle null bytes or NUL characters when passing data between different representations or components.
{"xhtml:p":["A null byte (NUL character) can have different meanings across representations or languages. For example, it is a string terminator in standard C libraries, but Perl and PHP strings do not treat it as a terminator. When two representations are crossed - such as when Perl or PHP invokes underlying C functionality - this can produce an interaction error with unexpected results. Similar issues have been reported for ASP. Other interpreters written in C might also be affected.","The poison null byte is frequently useful in path traversal attacks by terminating hard-coded extensions that are added to a filename. It can play a role in regular expression processing in PHP."]}
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Unexpected State
Potential Mitigations
Remove null bytes from all incoming strings.
CVE-2005-4155NUL byte bypasses PHP regular expression check
CVE-2005-3153inserting SQL after a NUL byte bypasses allowlist regexp, enabling SQL injection
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now