VYPR

CWE-626

Null Byte Interaction Error (Poison Null Byte)

VariantDraft

Description

The product does not properly handle null bytes or NUL characters when passing data between different representations or components.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (3)

  • CVE-2026-42579HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.01

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS…

  • CVE-2026-42010HigMay 7, 2026
    risk 0.39cvss 7.1epss 0.01

    A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to…

  • CVE-2026-42040LowApr 24, 2026
    risk 0.17cvss 3.7epss 0.00

    Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (charMap) at line 21 that reverses the safe percent-encoding of null bytes. After…