CWE-198: Use of Incorrect Byte Ordering
Weakness ID: 198
Version: v4.17
Weakness Name: Use of Incorrect Byte Ordering
Vulnerability Mapping: Allowed
Abstraction: Variant
Structure: Simple
Status: Draft
Likelihood of Exploit:
▼Description

The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used.
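
The weakness described above, as an added example that is not part of the CWE entry: a record header carrying a 2-byte big-endian length is read once by copying the raw bytes into a host integer and once by explicit decoding, and the result feeds a bounds check. The record layout, function names and sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 2-byte big-endian length (0x0004) + 4 payload bytes. */
static const uint8_t SAMPLE[] = { 0x00, 0x04, 'p', 'i', 'n', 'g' };

/* Flawed: copies the wire bytes straight into a host integer, so the
 * result depends on the CPU's byte order (CWE-198). */
uint16_t len_host_order(const uint8_t *buf)
{
    uint16_t v;
    memcpy(&v, buf, sizeof v);
    return v;
}

/* Correct: decodes big-endian explicitly; same result on every host. */
uint16_t len_big_endian(const uint8_t *buf)
{
    return (uint16_t)(((uint16_t)buf[0] << 8) | buf[1]);
}

/* Returns 1 when this host stores the low-order byte first. */
int host_is_little_endian(void)
{
    const uint16_t probe = 1;
    return *(const uint8_t *)&probe == 1;
}

/* Validates a record: returns the payload length, or -1 when the header is
 * short or the declared length exceeds the bytes actually received. */
long record_payload_len(const uint8_t *buf, size_t n,
                        uint16_t (*decode)(const uint8_t *))
{
    if (n < 2)
        return -1;
    uint16_t declared = decode(buf);
    if ((size_t)declared > n - 2)
        return -1;
    return (long)declared;
}

int main(void)
{
    printf("explicit=%u host-order=%u\n", (unsigned)len_big_endian(SAMPLE), (unsigned)len_host_order(SAMPLE));
    return 0;
}
```

On a little-endian host the flawed reader sees 0x0400 instead of 4, so the valid record is rejected; on a big-endian host the same code appears to work, which is how the defect escapes testing on one platform.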

▼Extended Description

▼Alternate Terms
▼Relationships
Relevant to the view "Research Concepts - (1000)"
Nature: ChildOf
Mapping: Allowed
Type: Base
ID: 188
Name: Reliance on Data/Memory Layout
▼Memberships
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 857
Name: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 993
Name: SFP Secondary Cluster: Incorrect Input Handling

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1147
Name: SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1399
Name: Comprehensive Categorization: Memory Safety
▼Tags
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-294
Name: Not Language-Specific Weaknesses

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-315
Name: Unexpected State (impact)
▼Relevant To View
Relevant to the view "Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java - (1133)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1147
Name: SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)

Relevant to the view "Software Fault Pattern (SFP) Clusters - (888)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 993
Name: SFP Secondary Cluster: Incorrect Input Handling
▼Background Detail

▼Common Consequences
Scope: Integrity
Likelihood: N/A
Impact: Unexpected State
Note: N/A
▼Potential Mitigations
▼Modes Of Introduction
Phase: Implementation
Note: N/A

▼Applicable Platforms
Languages
Class: Not Language-Specific (Undetermined Prevalence)
▼Demonstrative Examples
▼Observed Examples
▼Affected Resources
▼Functional Areas
▼Weakness Ordinalities
▼Detection Methods
Black Box
Detection Method ID:
Description:

Because byte ordering bugs are usually very noticeable even with normal inputs, such bugs are more likely to occur in rarely triggered error conditions, making them difficult to detect using black box methods.

Effectiveness:
Note: N/A

▼Vulnerability Mapping Notes
Usage: Allowed
Reason: Acceptable-Use
Rationale:

This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Suggestions:
▼Notes
Research Gap

Under-reported.


▼Taxonomy Mappings
Taxonomy Name: PLOVER
Entry ID: N/A
Fit: N/A
Entry Name: Numeric Byte Ordering Error

Taxonomy Name: The CERT Oracle Secure Coding Standard for Java (2011)
Entry ID: FIO12-J
Fit: N/A
Entry Name: Provide methods to read and write little-endian data
▼Related Attack Patterns
▼References