CWE-111

Direct Use of Unsafe JNI

AI Translation Available

When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.

Status

draft

Abstraction

variant

Affected Platforms

Java

Extended Description

AI Translation

Many safety features that programmers may take for granted do not apply for native code, so you must carefully review all such code for potential problems. The languages used to implement native code may be more susceptible to buffer overflows and other attacks. Native code is unprotected by the security features enforced by the runtime environment, such as strong typing and array bounds checking.

Technical Details

AI Translation

Common Consequences

access control

Impacts

bypass protection mechanism

Detection Methods

automated static analysis

Potential Mitigations

Phases:

implementation

Descriptions:

• Implement error handling around the JNI call.

• Be reluctant to use JNI calls. A Java API equivalent may exist.

• Do not use JNI calls if you don't trust the native library.

AI Generated Translation

Common Consequences

controllo degli accessi

Impacts

elusione del meccanismo di protezione

Detection Methods

analisi statica automatizzata

Potential Mitigations

Phases:

implementazione

Descriptions:

• Implementa la gestione degli errori intorno alla chiamata JNI.

• Sii riluttante nell'usare chiamate JNI. Potrebbe esistere un'API Java equivalente.

• Non utilizzare chiamate JNI se non ti fidi della libreria nativa.

CWE-111

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter