CWE-463: Deletion of Data Structure Sentinel
The accidental deletion of a data-structure sentinel can cause serious programming logic problems.
Extended Description
Data-structure sentinels are often used to mark the structure of the data. A common example is the null character at the end of strings. Another is a linked list, which may contain a sentinel to mark the end of the list. It is dangerous to allow this type of control data to be easily accessible. It is therefore important to protect it from deletion or modification outside of a wrapper interface that provides safety.
Technical Details
- Structure: Simple
Applicable To
Security Consequences
Scope
Impact
Generally this error will cause the data structure to not work properly.
Scope
Impact
If a control character, such as NULL, is removed, this may cause resource access control problems.
Mitigation Strategies
Phase
Description
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Phase
Description
Use OS-level preventative functionality. Not a complete solution.
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
Demonstrative Examples
This example creates a null-terminated string and prints its contents.
The string foo has space for 9 characters and a null terminator, but 10 characters are written to it. As a result, the string foo is not null terminated and calling printf() on it will have unpredictable and possibly dangerous results.
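The pattern described above, next to a wrapper that keeps the sentinel out of callers' reach, as an added example (not MITRE's listing). The names FOO_CAP, has_sentinel, fill_unsafe and fill_safe are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FOO_CAP 10  /* 9 characters plus the null terminator, as in the text */

/* Returns 1 if a null terminator exists within the first cap bytes, else 0. */
int has_sentinel(const char *buf, size_t cap) {
    return memchr(buf, '\0', cap) != NULL;
}

/* Flawed pattern: writes all cap bytes, so the last write deletes the sentinel. */
void fill_unsafe(char *buf, size_t cap) {
    for (size_t i = 0; i != cap; i++)
        buf[i] = 'a';
}

/* Wrapper interface: stores at most cap-1 characters and always rewrites the
 * terminator itself. Returns the number of characters actually stored. */
size_t fill_safe(char *buf, size_t cap, char c, size_t n) {
    if (cap == 0) return 0;          /* no room even for the sentinel */
    if (n > cap - 1) n = cap - 1;    /* reserve the final byte */
    memset(buf, c, n);
    buf[n] = '\0';
    return n;
}

int main(void) {
    char *foo = calloc(FOO_CAP, sizeof(char));
    if (foo == NULL) return 1;

    fill_unsafe(foo, FOO_CAP);
    /* Check for the sentinel instead of handing foo to printf("%s"). */
    printf("after fill_unsafe: sentinel present = %d\n",
           has_sentinel(foo, FOO_CAP));

    size_t n = fill_safe(foo, FOO_CAP, 'a', FOO_CAP);
    printf("after fill_safe: stored %zu chars, sentinel present = %d, \"%s\"\n",
           n, has_sentinel(foo, FOO_CAP), foo);

    free(foo);
    return 0;
}
```

The bounded memchr() check is what makes the unterminated buffer observable without reading past its end.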
CWE Relationships
No relationship information available for this CWE.
Frequently Asked Questions
What is CWE-463: Deletion of Data Structure Sentinel?
CWE-463: Deletion of Data Structure Sentinel is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The accidental deletion of a data-structure sentinel can cause serious programming logic problems. Data-structure sentinels are often used to mark the structure of the data. A common example is the null character at the end of strings. Another is a linked list, which may contain a sentinel to mark the end of the list. It is dangerous to allow this type of control data to be easily accessible. It is therefore important to protect it from deletion or modification outside of a wrapper interface that provides safety.
What are the security consequences of Deletion of Data Structure Sentinel?
If exploited, CWE-463 (Deletion of Data Structure Sentinel) can compromise Availability, Other and Authorization, leading to outcomes such as Other.
How do you prevent or mitigate Deletion of Data Structure Sentinel?
Recommended mitigations for CWE-463 include: Use an abstraction library to abstract away risky APIs. Not a complete solution. Use OS-level preventative functionality. Not a complete solution.
Which programming languages are affected by Deletion of Data Structure Sentinel?
CWE-463 commonly affects C and C++. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
What is the difference between a CWE and a CVE?
A CWE (Common Weakness Enumeration) like CWE-463 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.