CWE-617 可达断言
Reachable Assertion
结构: Simple
Abstraction: Base
状态: Draft
被利用可能性: unkown
基本描述
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
扩展描述
While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service.
For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 670 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 670 cwe_View_ID: 1003 cwe_Ordinal: Primary
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Availability | DoS: Crash, Exit, or Restart | An attacker that can trigger an assert statement can still lead to a denial of service if the relevant code can be triggered by an attacker, and if the scope of the assert() extends beyond the attacker's own session. |
可能的缓解方案
Implementation
策略:
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Implementation
策略: Input Validation
Perform input validation on user data.
示例代码
例
In the excerpt below, an AssertionError (an unchecked exception) is thrown if the user hasn't entered an email address in an HTML form.
bad Java
assert email != null;
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
| CVE-2006-6767 | FTP server allows remote attackers to cause a denial of service (daemon abort) via crafted commands which trigger an assertion failure. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6767 |
| CVE-2006-6811 | Chat client allows remote attackers to cause a denial of service (crash) via a long message string when connecting to a server, which causes an assertion failure. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6811 |
| CVE-2006-5779 | Product allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779 |
| CVE-2006-4095 | Product allows remote attackers to cause a denial of service (crash) via certain queries, which cause an assertion failure. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095 |
| CVE-2006-4574 | Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4574 |
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| The CERT Oracle Secure Coding Standard for Java (2011) | MET01-J | Never use assertions to validate method arguments | |
| Software Fault Patterns | SFP3 | Use of an improper API |