CWE-626
Null Byte Interaction Error (Poison Null Byte)
The product does not properly handle null bytes or NUL characters when passing data between different representations or components.
CVE-2019-11936 (GCVE-0-2019-11936)
Vulnerability from cvelistv5
Published
2019-12-04 16:25
Modified
2024-08-04 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-626 - Null Byte Interaction Error (Poison Null Byte)
Summary
Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HHVM |
Version: 4.28.2 Version: 4.28.0 < unspecified Version: 4.27.1 Version: 4.27.0 < unspecified Version: 4.26.1 Version: 4.26.0 < unspecified Version: 4.25.1 Version: 4.25.0 < unspecified Version: 4.24.1 Version: 4.24.0 < unspecified Version: 4.23.2 Version: 4.9.0 < unspecified Version: 4.8.6 Version: 4.0.0 < unspecified Version: 3.30.12 Version: unspecified < 3.30.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:29.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://hhvm.com/blog/2019/10/28/security-update.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-11936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HHVM",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "4.28.2"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.27.1"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.26.1"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.25.1"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.25.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.24.1"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.23.2"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.8.6"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "3.30.12"
},
{
"lessThan": "3.30.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-10-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-626",
"description": "CWE-626: Null Byte Interaction Error (Poison Null Byte)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-04T16:25:20",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://hhvm.com/blog/2019/10/28/security-update.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-11936"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-10-28",
"ID": "CVE-2019-11936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "4.28.2"
},
{
"version_affected": "\u003e=",
"version_value": "4.28.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.27.1"
},
{
"version_affected": "\u003e=",
"version_value": "4.27.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.26.1"
},
{
"version_affected": "\u003e=",
"version_value": "4.26.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.25.1"
},
{
"version_affected": "\u003e=",
"version_value": "4.25.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.24.1"
},
{
"version_affected": "\u003e=",
"version_value": "4.24.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.23.2"
},
{
"version_affected": "\u003e=",
"version_value": "4.9.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.8.6"
},
{
"version_affected": "\u003e=",
"version_value": "4.0.0"
},
{
"version_affected": "!=\u003e",
"version_value": "3.30.12"
},
{
"version_affected": "\u003c",
"version_value": "3.30.12"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-626: Null Byte Interaction Error (Poison Null Byte)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hhvm.com/blog/2019/10/28/security-update.html",
"refsource": "CONFIRM",
"url": "https://hhvm.com/blog/2019/10/28/security-update.html"
},
{
"name": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373",
"refsource": "CONFIRM",
"url": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373"
},
{
"name": "https://www.facebook.com/security/advisories/cve-2019-11936",
"refsource": "CONFIRM",
"url": "https://www.facebook.com/security/advisories/cve-2019-11936"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2019-11936",
"datePublished": "2019-12-04T16:25:20",
"dateReserved": "2019-05-13T00:00:00",
"dateUpdated": "2024-08-04T23:10:29.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17137 (GCVE-0-2019-17137)
Vulnerability from cvelistv5
Published
2020-02-10 19:15
Modified
2024-08-05 01:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-626 - Null Byte Interaction Error (Poison Null Byte)
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-866/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1200",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "R6220 Firmware version 1.1.0.86"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Flanders of Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-626",
"description": "CWE-626: Null Byte Interaction Error (Poison Null Byte)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T19:15:37",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-866/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-17137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AC1200",
"version": {
"version_data": [
{
"version_value": "R6220 Firmware version 1.1.0.86"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "Michael Flanders of Trend Micro Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-626: Null Byte Interaction Error (Poison Null Byte)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-866/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-866/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2019-17137",
"datePublished": "2020-02-10T19:15:38",
"dateReserved": "2019-10-04T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10773 (GCVE-0-2020-10773)
Vulnerability from cvelistv5
Published
2020-09-10 16:07
Modified
2024-08-04 11:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10773"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "kernel-5.4-rc6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack information leak flaw was found in s390/s390x in the Linux kernel\u2019s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-626",
"description": "CWE-626",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T16:07:48",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10773"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel-5.4-rc6"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack information leak flaw was found in s390/s390x in the Linux kernel\u2019s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.4/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-626"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10773",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10773"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10773",
"datePublished": "2020-09-10T16:07:48",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:14.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Implementation
Description:
- Remove null bytes from all incoming strings.
No CAPEC attack patterns related to this CWE.