The program can potentially dereference a null pointer, thereby raising a NullException
.
Null pointer errors are usually the result of one or more programmer assumptions being violated.
Most null pointer issues result in general software reliability problems, but if an attacker can intentionally trigger a null pointer dereference, the attacker might be able to use the resulting exception to bypass security logic or to cause the application to reveal debugging information that will be valuable in planning subsequent attacks.
Example 1: In the following code, the programmer assumes that the system always has a property named "cmd
" defined. If an attacker can control the program's environment so that "cmd
" is not defined, the program throws a null pointer exception when it attempts to call the Trim()
method.
string cmd = null;
...
cmd = Environment.GetEnvironmentVariable("cmd");
cmd = cmd.Trim();
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A9 Application Denial of Service
[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP6080 CAT II
[3] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 476
[4] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.9