CWE-170: Improper Null Termination

BaseIncompleteExploit Likelihood: Medium

The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

View on MITRE

Back to CWE Lookup

Extended Description

Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.

Technical Details

Structure: Simple

Applicable To

Languages

CC++

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-170

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references