1. Home
  2. CWE Database
  3. CWE-118
Class · High

CWE-118: Incorrect Access of Indexable Resource ('Range Error')

The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

CWE-118 · Class Level

Description

The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

Potential Impact

Other

Varies by Context

CWE-664: Improper Control of a Resource Through its Lifetime

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use,...

Taxonomy Mappings

  • Software Fault Patterns: SFP8 — Faulty Buffer Access

Frequently Asked Questions

What is CWE-118?

CWE-118 (Incorrect Access of Indexable Resource ('Range Error')) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Class-level weakness. The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

How can CWE-118 be exploited?

Attackers can exploit CWE-118 (Incorrect Access of Indexable Resource ('Range Error')) to varies by context. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-118?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-118?

CWE-118 is classified as a Class-level weakness (High abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.