Statements (57)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:Web
|
| gptkbp:can_detect |
Static analysis tools.
|
| gptkbp:category |
Improper Input Validation
|
| gptkbp:common_errors |
Off-by-one errors.
|
| gptkbp:common_languages |
C, C++, Java, Python.
|
| gptkbp:common_patterns |
Looping through arrays.
|
| gptkbp:common_tools |
Static analysis tools.
|
| gptkbp:common_vulnerabilities |
Segmentation faults.
|
| gptkbp:common_vulnerable_patterns |
Improper loop conditions.
|
| gptkbp:components |
Software applications.
|
| gptkbp:countermeasures |
Code reviews.
|
| gptkbp:description |
The software does not validate that an index is within the bounds of an array.
|
| gptkbp:difficulty_levels |
gptkb:High
|
| gptkbp:education |
Training on secure coding practices.
|
| gptkbp:environmental_initiatives |
Refactor code to ensure index validation.
|
| gptkbp:example |
Array index out of bounds.
Accessing an array with an index that is not checked against its size. |
| gptkbp:example_languages |
C, C++.
|
| gptkbp:example_mitigations |
Use of safe libraries.
|
| gptkbp:example_remedies |
Implementing checks before accessing arrays.
|
| gptkbp:example_scenarios |
User input leading to array access.
|
| gptkbp:example_vulnerabilities |
Buffer overflow vulnerabilities.
|
| gptkbp:examples_in_code |
for (int i = 0; i <= size; i++) { array[i] = value; }
|
| gptkbp:has_weakness |
CWE-682
|
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-129
|
| gptkbp:impact |
Application crashes.
Potential for buffer overflow or out-of-bounds access. |
| gptkbp:impact_severity |
Critical.
|
| gptkbp:investment |
Data corruption.
|
| gptkbp:is_a_framework_for |
Java Collections Framework.
|
| gptkbp:is_practiced_in |
Always validate input.
Code reviews and pair programming. |
| gptkbp:is_referenced_in |
https://cwe.mitre.org/data/definitions/129.html
|
| gptkbp:is_tested_for |
Unit tests for array bounds.
|
| gptkbp:is_vulnerable_to |
Exploitable in certain conditions.
Out-of-bounds access. |
| gptkbp:issues |
Assuming array indices start at 0.
|
| gptkbp:name |
Improper Validation of Array Index
|
| gptkbp:prevention |
Implement bounds checking for all array accesses.
Use safe array access functions. |
| gptkbp:related_concept |
ISO/ IEC 27001.
Input validation. |
| gptkbp:related_cwe |
gptkb:CWE-119
gptkb:CWE-131 gptkb:CWE-190 gptkb:CWE-787 gptkb:CWE-125 CWE-476 CWE-682 |
| gptkbp:related_to |
gptkb:CWE-20
|
| gptkbp:remediation_strategies |
Use of assertions.
|
| gptkbp:security |
Ensure proper error handling.
Implement input sanitization. Potential for denial of service. |
| gptkbp:testing_tools |
Fuzz testing.
|
| gptkbp:bfsParent |
gptkb:CWE-74
|
| gptkbp:bfsLayer |
8
|