CWE-67
Improper Handling of Windows Device Names
The product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.
Mitigation
Phase: Implementation
Description:
- Be familiar with the device names in the operating system where your system is deployed. Check input for these device names.
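One way to implement this input check, as an added example that is not part of the CWE entry. The function name `device_name_in` is hypothetical, and the reserved-name list is an assumption taken from Microsoft's file-naming rules (CON, PRN, AUX, NUL, COM1-9, LPT1-9 and their variants); adjust it to the Windows versions you deploy on. It covers the cases a plain string comparison misses: mixed case, an appended extension, trailing spaces, and a device name in any directory component.

```python
import re

# Assumption: reserved device names per Microsoft's file-naming rules.
# The superscript digits are included because COM¹/LPT¹ style names are
# also documented as reserved.
_DEVICE_NAMES = frozenset(
    {"CON", "PRN", "AUX", "NUL", "CONIN$", "CONOUT$"}
    | {f"{port}{digit}"
       for port in ("COM", "LPT")
       for digit in "123456789\u00b9\u00b2\u00b3"}
)


def device_name_in(path):
    """Return the first component of `path` that names a Windows device.

    Returns None when no component is a reserved device name.
    """
    # Check every component: both separators are valid on Windows, and a
    # device name is a problem in a directory position too.
    for component in re.split(r"[\\/]", path):
        # A reserved name stays reserved with an extension ("NUL.txt"),
        # a trailing colon ("COM1:") or trailing spaces ("aux .log"),
        # so compare only the stem before the first dot or colon.
        stem = re.split(r"[.:]", component, maxsplit=1)[0].rstrip(" ")
        if stem.upper() in _DEVICE_NAMES:
            return component
    return None


if __name__ == "__main__":
    # Constructed sample inputs for illustration.
    samples = [
        "reports/2024/summary.txt",
        "uploads\\aux.txt",
        "CON",
        "logs/nul .log",
        "console.txt",
        "com10.txt",
    ]
    for sample in samples:
        hit = device_name_in(sample)
        verdict = f"reject (device name {hit!r})" if hit else "accept"
        print(f"{sample!r}: {verdict}")
```

Run the check on the user-supplied portion of the pathname before it is joined to a base directory or passed to any file API, and reject the request on a match instead of trying to rewrite the name.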
No CAPEC attack patterns are related to this CWE.