Incorrect Access of Indexable Resource ('Range Error')
This vulnerability occurs when software fails to properly check the boundaries of an indexed resource, like an array, buffer, or file, before accessing it. This allows reading from or writing to memory locations outside the intended range.
Think of this as a 'fence' problem. Your code has a defined area it's allowed to work with, like an array with 10 elements. A range error happens when the program tries to access the 11th or the -1st element because it skipped a crucial boundary check. This is a common root cause for crashes, unexpected behavior, and serious security flaws like buffer overflows. For developers, preventing this means rigorously validating all indices and pointers before use. Always ensure the index is greater than or equal to zero and less than the total length of the resource. Use safe language features and libraries that perform automatic bounds checking, and be especially vigilant with low-level operations in languages like C and C++, where manual management is required.
Impact: Varies by Context
- 8J2EE Misconfiguration: Entity Bean Declared Remote
- 9J2EE Misconfiguration: Weak Access Permissions for EJB Methods
- 10DEPRECATED: ASP.NET Environment Issues
- 14Compiler Removal of Code to Clear Buffers
- 24Path Traversal: '../filedir'
- 45Path Equivalence: 'file...name' (Multiple Internal Dot)
- 46Path Equivalence: 'filename ' (Trailing Space)
- 47Path Equivalence: ' filename' (Leading Space)
- Software Fault Patterns