Downloads:
Back to the previous page
| Test Case ID |  154603 |
| Bad / Good / Mixed | Bad |
| Author | IARPA STONESOUP Test and Evaluation team |
| Associations | Test suite: 102 Application: 11 |
| Added by | Charles Oliveira |
| Language | Java |
| Type of test case | Source Code |
| Input string | |
| Expected Output | |
| Instructions | See src/build.xml and src/maven-build.xml. |
| Submission date | 2015-10-06 |
| Description | This weakness takes in an integer and string "int string" where the integer is the size of the array to sort for timing and the string contains the value that is acted upon by the treads, stored in a global static variable. A divide by zero error occurs when the string starts with 'A' and the array size is significantly large. In practice the benign sort values are <50 and exploit are >5000000 to achieve (essentially) guaranteed effects. Metadata - Base program: Apache Jena - Source Taint: ENVIRONMENT_VARIABLE - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: BREAK_WITH_LABEL |
| File(s) |
|
| Flaw |
There are no comments
Have any comments on this test case? Please,
.
- LexerPath.java
- runFifos.py
- service_mon.sh
- J-C567A-JENA-10-ST01-DT02-DF11-CF25-01.xml
- J-C567A-JENA-10-ST01-DT02-DF11-CF25-01.yaml
File Contains:
CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context on line(s): 965, 966, 967, 968
CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context on line(s): 965, 966, 967, 968