CWE-463 Detail

CWE-463

Deletion of Data Structure Sentinel
Incomplete
2006-07-19
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notifiche per un CWE specifico
Rimani informato su qualsiasi modifica relativa a un CWE specifico.
Gestione notifiche

Nome: Deletion of Data Structure Sentinel

The accidental deletion of a data-structure sentinel can cause serious programming logic problems.

CWE Description

Often times data-structure sentinels are used to mark structure of the data structure. A common example of this is the null character at the end of strings. Another common example is linked lists which may contain a sentinel to mark the end of the list. It is dangerous to allow this type of control data to be easily accessible. Therefore, it is important to protect from the deletion or modification outside of some wrapper interface which provides safety.

General Informations

Modes Of Introduction

Implementation

Piattaforme applicabili

Linguaggio

Name: C (Undetermined)
Name: C++ (Undetermined)

Conseguenze comuni

Ambito Impatto Probabilità
Availability
Other		Other

Note: Generally this error will cause the data structure to not work properly.
Authorization
Other		Other

Note: If a control character, such as NULL is removed, one may cause resource access control problems.

Potential Mitigations

Phases : Architecture and Design
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Phases : Build and Compilation
Phases : Operation
Use OS-level preventative functionality. Not a complete solution.

Note sulla mappatura delle vulnerabilità

Giustificazione : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commento : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Riferimenti

REF-18

The CLASP Application Security Process
Secure Software, Inc..
https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf

REF-62

The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.

Invio

Nome Organizzazione Data Data di rilascio Version
CLASP 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modifiche

Nome Organizzazione Data Commento
Eric Dalci Cigital 2008-07-01 +00:00 updated Time_of_Introduction
CWE Content Team MITRE 2008-09-08 +00:00 updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
CWE Content Team MITRE 2009-07-27 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2009-10-29 +00:00 updated Description, Other_Notes
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences, Demonstrative_Examples
CWE Content Team MITRE 2012-05-11 +00:00 updated References, Relationships
CWE Content Team MITRE 2012-10-30 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2014-07-30 +00:00 updated Relationships
CWE Content Team MITRE 2017-11-08 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2020-02-24 +00:00 updated References, Relationships
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships, Time_of_Introduction
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Weakness_Ordinalities
Le informazioni presentate su CVE Find provengono da diverse fonti di riferimento attentamente selezionate. I dati CVE sono forniti da MITRE Corporation e dal National Vulnerability Database (NVD). Il catalogo delle vulnerabilità sfruttate conosciute (KEV) proviene dalla Cybersecurity and Infrastructure Security Agency (CISA), mentre i punteggi EPSS provengono da FIRST.org. Inoltre, i dati relativi alle vulnerabilità software (CWE) e ai pattern di attacco comuni (CAPEC) sono mantenuti da MITRE Corporation, e le informazioni sulle configurazioni hardware e software (CPE) sono fornite da NVD.