Description

The product does not properly handle null bytes or NUL characters when passing data between different representations or components.

Extended Description

A null byte (NUL character) can have different meanings across representations or languages. For example, it is a string terminator in standard C libraries, but Perl and PHP strings do not treat it as a terminator. When two representations are crossed - such as when Perl or PHP invokes underlying C functionality - this can produce an interaction error with unexpected results. Similar issues have been reported for ASP. Other interpreters written in C might also be affected. The poison null byte is frequently useful in path traversal attacks by terminating hard-coded extensions that are added to a filename. It can play a role in regular expression processing in PHP.

---

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

---

Observed Examples (CVEs)

• CVE: CVE-2005-4155

  NUL byte bypasses PHP regular expression check

• CVE: CVE-2005-3153

  inserting SQL after a NUL byte bypasses allowlist regexp, enabling SQL injection

Related Attack Patterns (CAPEC)

N/A

---

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Potential Mitigations

Applicable Platforms

• PHP (N/A, Undetermined)
• Perl (N/A, Undetermined)
• ASP.NET (N/A, Undetermined)

---

Demonstrative Examples

N/A

Notes

← Back to CWE list