Dangling Database Cursor ('Cursor Injection')

Incomplete Base
Structure: Simple
Description

A dangling database cursor occurs when a database cursor is not properly closed, potentially allowing other users to access it while it retains its original, often elevated, privileges.

Extended Description

This vulnerability typically surfaces when errors or exceptions in an application are not handled correctly, leaving the cursor open. For instance, if a function that opens a cursor throws an unhandled exception before reaching the code that closes it, the cursor remains active and 'dangles' in the database. The primary risk is that this open cursor can be exploited, often leading to SQL injection attacks. The severity depends on what the cursor was designed to do, but since it still holds its initial permissions, an attacker could potentially use it to execute unauthorized database operations or access sensitive data.

Common Consequences
Scope: Confidentiality, Integrity

Impact: Read Application Data, Modify Application Data

Potential Mitigations
Phase: Implementation
Close cursors immediately after access to them is complete. Ensure that you close cursors if exceptions occur.
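
The mitigation above applied to an Oracle DBMS_SQL cursor, as an added example that is not part of the original entry. The APP_AUDIT table and both procedure names are hypothetical; the weak form is shown beside the corrected one.

```sql
-- Constructed example: APP_AUDIT, LOG_EVENT_WEAK and LOG_EVENT are hypothetical names.

-- Weak form: if PARSE, BIND_VARIABLE or EXECUTE raises, control leaves the
-- block before CLOSE_CURSOR runs and the cursor stays open in the session.
CREATE OR REPLACE PROCEDURE log_event_weak(p_msg IN VARCHAR2) AS
  c      INTEGER;
  n_rows INTEGER;
BEGIN
  c := DBMS_SQL.OPEN_CURSOR;
  DBMS_SQL.PARSE(c, 'INSERT INTO app_audit(msg) VALUES (:m)', DBMS_SQL.NATIVE);
  DBMS_SQL.BIND_VARIABLE(c, ':m', p_msg);
  n_rows := DBMS_SQL.EXECUTE(c);   -- e.g. a value-too-large error raises here
  DBMS_SQL.CLOSE_CURSOR(c);        -- never reached on error
END;
/

-- Corrected form: the cursor is closed on the normal path and on every
-- exception path, then the original error is re-raised to the caller.
CREATE OR REPLACE PROCEDURE log_event(p_msg IN VARCHAR2) AS
  c      INTEGER;
  n_rows INTEGER;
BEGIN
  c := DBMS_SQL.OPEN_CURSOR;
  DBMS_SQL.PARSE(c, 'INSERT INTO app_audit(msg) VALUES (:m)', DBMS_SQL.NATIVE);
  DBMS_SQL.BIND_VARIABLE(c, ':m', p_msg);
  n_rows := DBMS_SQL.EXECUTE(c);
  DBMS_SQL.CLOSE_CURSOR(c);
EXCEPTION
  WHEN OTHERS THEN
    -- c is NULL only if OPEN_CURSOR itself failed; otherwise close it.
    IF c IS NOT NULL AND DBMS_SQL.IS_OPEN(c) THEN
      DBMS_SQL.CLOSE_CURSOR(c);
    END IF;
    RAISE;  -- do not swallow the error
END;
/
```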
References
  • The Oracle Hacker's Handbook. David Litchfield. ID: REF-505
  • Cursor Injection. David Litchfield. ID: REF-506
Applicable Platforms
Languages:
SQL : Undetermined
Technologies:
Database Server : Undetermined
Modes of Introduction
Implementation
Taxonomy Mapping
  • Software Fault Patterns