Cyber Posture

CWE · MITRE source

CWE-170Improper Null Termination

Abstraction: Base · CVEs in our corpus: 45

The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (0)AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2019-110453.23.70.41482019-12-23
CVE-2019-82752.29.80.04332019-03-08
CVE-2021-318862.29.80.03432021-11-09
CVE-2021-14692.09.90.00372021-03-24
CVE-2021-14712.09.90.00302021-03-24
CVE-2021-14112.09.90.00462021-03-24
CVE-2021-14172.09.90.00332021-03-24
CVE-2021-14182.09.90.00502021-03-24
CVE-2021-229312.09.80.00662021-08-16
CVE-2021-318842.09.80.00732021-11-09
CVE-2021-318872.08.80.03402021-11-09
CVE-2021-318882.08.80.03402021-11-09
CVE-2024-434741.97.60.06732024-09-10
CVE-2026-344641.88.80.00012026-05-05
CVE-2024-452881.78.40.00072024-09-05
CVE-2024-214421.67.80.00432024-03-12
CVE-2024-314841.67.80.00062024-05-14
CVE-2026-344621.67.80.00012026-05-05
CVE-2022-475151.57.50.00672022-12-18
CVE-2023-240211.57.50.00102023-01-20
CVE-2023-353211.56.50.03442023-07-11
CVE-2025-627921.57.50.00062025-10-29
CVE-2025-677901.57.50.00092025-12-17
CVE-2021-11201.47.00.00052021-10-29
CVE-2023-486741.46.80.00132024-03-01