Difference between revisions of "Unchecked array indexing"

From OWASP
(Reverting to last version not containing links to s1.shard.jp)

Revision as of 11:00, 27 May 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 05/27/2009


Description

Unchecked array indexing occurs when an unchecked value is used as an index into a buffer.

Consequences

  • Availability: If the index values fall outside the valid memory area, unchecked array indexing will very likely corrupt relevant memory, and perhaps instructions, leading to a crash.
  • Integrity: If the memory corrupted is data, rather than instructions, the system will continue to function with improper values.
  • Access Control: If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow.

Exposure period

  • Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
  • Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack of or misuse of mitigating technologies.

Platform

  • Languages: C, C++, Assembly
  • Operating Platforms: All

Required resources

Any

Severity

Medium

Likelihood of exploit

Medium

Unchecked array indexing, depending on its instantiation, can be responsible for any number of related issues. The most prominent of these possible flaws is the buffer overflow condition. As a result, consequences range from denial of service and data corruption to full-blown arbitrary code execution.

The most common situation leading to unchecked array indexing is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function's return value, or the result of a calculation, directly as an index into a buffer.


Risk Factors

TBD

Examples

TBD

Related Attacks


Related Vulnerabilities


Related Controls

  • Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
  • Implementation: Include sanity checks to ensure the validity of any values used as index variables. In loops, use greater-than-or-equal-to, or less-than-or-equal-to, as opposed to simply greater-than, or less-than compare statements.
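
The two situations described above (a function's return value used directly as an index, and a loop whose end condition does not bound the index), each shown next to a version with the sanity check applied. This is an added example, not code from the original page; `find_slot`, `bump_*` and `copy_*` are hypothetical names and the sample arrays are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: position of key in keys[], or -1 when absent. */
int find_slot(const int *keys, size_t n, int key) {
    for (size_t i = 0; i < n; i++)
        if (keys[i] == key) return (int)i;
    return -1;
}

/* UNCHECKED: the return value is used directly as an index.
 * An absent key yields -1, so the write lands before counts[0]. */
void bump_unchecked(int *counts, const int *keys, size_t n, int key) {
    counts[find_slot(keys, n, key)]++;
}

/* CHECKED: validate the index against the buffer before using it. */
int bump_checked(int *counts, size_t n_counts,
                 const int *keys, size_t n_keys, int key) {
    int slot = find_slot(keys, n_keys, key);
    if (slot < 0 || (size_t)slot >= n_counts) return -1;
    counts[slot]++;
    return 0;
}

/* UNCHECKED: the loop ends only on a 0 terminator, so the index grows
 * past dst (and src) whenever the terminator is missing or late. */
size_t copy_unchecked(int *dst, const int *src) {
    size_t i = 0;
    while (src[i] != 0) { dst[i] = src[i]; i++; }
    return i;
}

/* CHECKED: the end condition also bounds the index by both lengths. */
size_t copy_checked(int *dst, size_t dst_len, const int *src, size_t src_len) {
    size_t i = 0;
    while (i < dst_len && i < src_len && src[i] != 0) { dst[i] = src[i]; i++; }
    return i;
}

int main(void) {
    int keys[3] = {10, 20, 30}, counts[3] = {0}; /* constructed sample data */
    int src[6] = {1, 2, 3, 4, 5, 6}, dst[4];     /* src has no terminator */
    printf("absent key rejected: %d\n", bump_checked(counts, 3, keys, 3, 99));
    printf("elements copied: %zu\n", copy_checked(dst, 4, src, 6));
    return 0;
}
```
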


Related Technical Impacts


References

TBD