Difference between revisions of "Unchecked array indexing"

(Reverting to last version not containing links to s1.shard.jp)

Revision as of 12:00, 29 May 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/29/2009



Unchecked array indexing occurs when an unchecked value is used as an index into a buffer.


  • Availability: Unchecked array indexing will very likely result in the corruption of relevant memory and perhaps instructions, leading to a crash, if the values are outside of the valid memory area.
  • Integrity: If the memory corrupted is data, rather than instructions, the system will continue to function with improper values.
  • Access Control: If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow.

Exposure period

  • Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
  • Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack of or misuse of mitigating technologies.


  • Languages: C, C++, Assembly
  • Operating Platforms: All

Required resources




Likelihood of exploit


Unchecked array indexing, depending on its instantiation, can be responsible for any number of related issues. The most prominent of these possible flaws is the buffer overflow condition. As a result, consequences range from denial of service and data corruption to full-blown arbitrary code execution.

The most common situation leading to unchecked array indexing is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function's return value, or the result of a calculation, directly as an index into a buffer.
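Both situations described above are shown here as an added C example that is not part of the original page: a function's return value used directly as an index, and a loop whose end condition never bounds the index, each next to a version with a sanity check. All names (`level_names`, `parse_level`, `copy_field_*`) and the `digit;text` record layout are hypothetical.

```c
#include <stddef.h>

#define TABLE_LEN 4
static const char *const level_names[TABLE_LEN] = {"debug", "info", "warn", "error"};

/* Hypothetical parser: first character is the level digit; -1 means malformed. */
static int parse_level(const char *record) {
    if (record == NULL || record[0] < '0' || record[0] > '9') return -1;
    return record[0] - '0';
}

/* Unchecked: the return value is used directly as an index, so -1 and 4..9
   read outside level_names. */
const char *level_name_unchecked(const char *record) {
    return level_names[parse_level(record)];
}

/* Checked: reject anything outside [0, TABLE_LEN) before indexing. */
const char *level_name_checked(const char *record) {
    int idx = parse_level(record);
    if (idx < 0 || idx >= TABLE_LEN) return NULL;
    return level_names[idx];
}

/* Unchecked loop: the end condition depends only on the input data, so the
   index grows past dst (and past src when no ';' is present). */
size_t copy_field_unchecked(char *dst, const char *src) {
    size_t i = 0;
    while (src[i] != ';') { dst[i] = src[i]; i++; }
    dst[i] = '\0';
    return i;
}

/* Checked loop: the index is bounded by the destination size and the source
   terminator. Returns the field length, or -1 if the field does not fit. */
int copy_field_checked(char *dst, size_t dst_len, const char *src) {
    size_t i = 0;
    if (dst_len == 0) return -1;
    while (src[i] != '\0' && src[i] != ';') {
        if (i >= dst_len - 1) { dst[0] = '\0'; return -1; }
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return (int)i;
}
```

The unchecked functions behave identically to the checked ones on well-formed records; they differ only when the index leaves the valid range.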

Risk Factors




Related Attacks

Related Vulnerabilities

Related Controls

  • Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
  • Implementation: Include sanity checks to ensure the validity of any values used as index variables. In loops, use greater-than-or-equal-to, or less-than-or-equal-to, as opposed to simply greater-than, or less-than compare statements.

Related Technical Impacts