- Source: List of software bugs
Many software bugs are merely annoying or inconvenient, but some can have extremely serious consequences—either financially or as a threat to human well-being. The following is a list of software bugs with significant consequences.
Administration
The software of the A2LL system for handling unemployment and social services in Germany presented several errors with large-scale consequences, such as sending the payments to invalid account numbers in 2004.
Blockchain
The DAO bug. On June 17, 2016, the DAO was subjected to an attack exploiting a combination of vulnerabilities, including the one concerning recursive calls, that resulted in the transfer of 3.6 million Ether – around a third of the 11.5 million Ether that had been committed to The DAO – valued at the time at around $50M.
Electric power transmission
The Northeast blackout of 2003 was triggered by a local outage that went undetected due to a race condition in General Electric Energy's XA/21 monitoring software.
Encryption
See also Category:Computer security exploits
In order to fix a warning issued by Valgrind, a maintainer of Debian patched OpenSSL and broke the random number generator in the process. The patch was uploaded in September 2006 and made its way into the official release; it was not reported until April 2008. Every key generated with the broken version is compromised (as the "random" numbers were made easily predictable), as is all data encrypted with it, threatening many applications that rely on encryption such as S/MIME, Tor, SSL or TLS protected connections and SSH.
Heartbleed, an OpenSSL vulnerability introduced in 2012 and disclosed in April 2014, removed confidentiality from affected services, causing among other things the shutdown of the Canada Revenue Agency's public access to the online filing portion of its website following the theft of social insurance numbers.
The Apple "goto fail" bug was a duplicated line of code which caused a public key certificate check to pass a test incorrectly.
The GnuTLS "goto fail" bug was similar to the Apple bug and found about two weeks later. The GnuTLS bug also allowed attackers to bypass SSL/TLS security.
Finance
The Vancouver Stock Exchange index had large errors due to repeated rounding. In January 1982 the index was initialized at 1000 and subsequently updated and truncated to three decimal places on each trade. This was done about 3000 times a day. The accumulated truncations led to an erroneous loss of around 25 points per month. Over the weekend of November 25–28, 1983, the error was corrected, raising the value of the index from its Friday closing figure of 524.811 to 1098.892.
Knight Capital Group lost $440 million in 45 minutes due to the improper deployment of software on servers and the re-use of a critical software flag that caused old unused software code to execute during trading.
In the British Post Office scandal, between 2000 and 2015, 736 subpostmasters were prosecuted by the UK Post Office, with many falsely convicted and sent to prison. The subpostmasters were blamed for financial shortfalls which actually were caused by software defects in the Post Office's Horizon accounting software.
Media
In the Sony BMG copy protection rootkit scandal (October 2005), Sony BMG produced a Van Zant music CD that employed a copy protection scheme that covertly installed a rootkit on any Windows PC that was used to play it. Their intent was to hide the copy protection mechanism to make it harder to circumvent. Unfortunately, the rootkit inadvertently opened a security hole resulting in a wave of successful trojan horse attacks on the computers of those who had innocently played the CD. Sony's subsequent efforts to provide a utility to fix the problem actually exacerbated it.
Medical
A bug in the code controlling the Therac-25 radiation therapy machine was directly responsible for at least five patient deaths in the 1980s when it administered excessive quantities of beta radiation.
Radiation therapy planning software RTP/2 created by Multidata Systems International could incorrectly double the dosage of radiation depending on how the technician entered data into the machine. At least eight patients died, while another 20 received overdoses likely to cause significant health problems (November 2000).
A Medtronic heart device was found vulnerable to remote attacks (2008-03).
The Becton Dickinson Alaris Gateway Workstation allows unauthorized arbitrary remote execution (2019).
The CareFusion Alaris pump module (8100) will not properly delay an Infusion when the "Delay Until" option or "Multidose" feature is used (2015).
Military
The software error of a MIM-104 Patriot caused its system clock to drift by one third of a second over a period of one hundred hours – resulting in failure to locate and intercept an incoming Iraqi Al Hussein missile, which then struck Dhahran barracks, Saudi Arabia (February 25, 1991), killing 28 Americans.
A Royal Air Force Chinook helicopter crashed into the Mull of Kintyre in June 1994, killing 29. Initially, the crash was dismissed as pilot error, but an investigation by Computer Weekly uncovered sufficient evidence to convince a House of Lords inquiry that it may have been caused by a software bug in the aircraft's engine control computer.
Smart ship USS Yorktown was left dead in the water in September 1997 for nearly 3 hours after a divide by zero error.
In April 1992 the first Lockheed YF-22 crashed while landing at Edwards Air Force Base, California. The cause of the crash was found to be a flight control software error that failed to prevent a pilot-induced oscillation.
While attempting its first overseas deployment to the Kadena Air Base in Okinawa, Japan, on 11 February 2007, a group of six F-22 Raptors flying from Hickam AFB, Hawaii, experienced multiple computer crashes coincident with their crossing of the 180th meridian of longitude (the International Date Line). The computer failures included at least navigation (completely lost) and communication. The fighters were able to return to Hawaii by following their tankers, something that might have been problematic had the weather not been good. The error was fixed within 48 hours, allowing a delayed deployment.
Space
NASA's 1965 Gemini 5 mission landed 80 miles (130 km) short of its intended splashdown point when the pilot compensated manually for an incorrect constant for the Earth's rotation rate. A 360-degree rotation corresponding to the Earth's rotation relative to the fixed stars was used instead of the 360.98-degree rotation in a 24-hour solar day. The shorter length of the first three missions and a computer failure on Gemini 4 prevented the bug from being detected earlier.
The Russian Space Research Institute's Phobos 1 (Phobos program) deactivated its attitude thrusters and could no longer properly orient its solar arrays or communicate with Earth, eventually depleting its batteries. (September 10, 1988).
The European Space Agency's Ariane flight V88 was destroyed 40 seconds after takeoff (June 4, 1996). The first flight of the Ariane V rocket self-destructed due to an overflow occurring during a floating-point to integer conversion in the on-board guidance software. The same software had been used successfully in the Ariane IV program, but the Ariane V produced larger values for some variable, causing the overflow.
In 1997, the Mars Pathfinder mission was jeopardised by a bug in concurrent software shortly after the rover landed, which was found in preflight testing but given a low priority as it only occurred in certain unanticipated heavy-load conditions. The problem, which was identified and corrected from Earth, was due to computer resets caused by priority inversion.
In 2000, a Zenit 3SL launch failed due to faulty ground software not closing a valve in the rocket's second stage pneumatic system.
The European Space Agency's CryoSat-1 satellite was lost in a launch failure in 2005 due to a missing shutdown command in the flight control system of its Rokot carrier rocket.
NASA Mars Polar Lander was destroyed because its flight software mistook vibrations caused by the deployment of the stowed legs for evidence that the vehicle had landed and shut off the engines 40 meters from the Martian surface (December 3, 1999).
Its sister spacecraft Mars Climate Orbiter was also destroyed, due to software on the ground generating commands based on parameters in pound-force (lbf) rather than newtons (N).
A mis-sent command from Earth caused the software of the NASA Mars Global Surveyor to incorrectly assume that a motor had failed, causing it to point one of its batteries at the sun. This caused the battery to overheat (November 2, 2006).
NASA's Spirit rover became unresponsive on January 21, 2004, a few weeks after landing on Mars. Engineers found that too many files had accumulated in the rover's flash memory. It was restored to working condition after deleting unnecessary files.
Japan's Hitomi astronomical satellite was destroyed on March 26, 2016, when a thruster fired in the wrong direction, causing the spacecraft to spin faster instead of stabilize.
The ESA/Roscosmos Schiaparelli Mars lander impacted the surface of Mars. Unanticipated spin during descent briefly saturated the IMU; the software then misinterpreted the data as showing the lander was underground, so it prematurely ejected the parachute and shut down the engines, resulting in a crash.
Israel's first attempt to land an uncrewed spacecraft on the Moon with the Beresheet was rendered unsuccessful on April 11, 2019, due to a software bug with its engine system, which prevented it from slowing down during its final descent on the Moon's surface. Engineers attempted to correct this bug by remotely rebooting the engine, but by the time they regained control of it, Beresheet could not slow down in time to avert a hard, crash landing that disintegrated it.
Telecommunications
AT&T long-distance network crash (January 15, 1990), in which the failure of one switching system would cause a message to be sent to nearby switching units to tell them that there was a problem. Unfortunately, the arrival of that message would cause those other systems to fail too – resulting in a cascading failure that rapidly spread across the entire AT&T long-distance network.
In January 2009, Google's search engine erroneously notified users that every web site worldwide was potentially malicious, including its own.
In May 2015, iPhone users discovered a bug where sending a certain sequence of characters and Unicode symbols as a text to another iPhone user would crash the receiving iPhone's SpringBoard interface, and may also crash the entire phone, induce a factory reset, or disrupt the device's connectivity to a significant degree, preventing it from functioning normally. The bug persisted for weeks, gained substantial notoriety and saw a number of individuals using the bug to play pranks on other iOS users, before Apple eventually patched it on June 30, 2015, with iOS 8.4.
Tracking years
The year 2000 problem spawned fears of worldwide economic collapse and an industry of consultants providing last-minute fixes.
A similar problem will occur in 2038 (the year 2038 problem), as many Unix-like systems calculate the time in seconds since 1 January 1970, and store this number as a 32-bit signed integer, for which the maximum possible value is 2^31 − 1 (2,147,483,647) seconds. 2,147,483,647 seconds equals 68 years, and 2038 is 68 years forward from 1970.
An error in the payment terminal code for Bank of Queensland rendered many devices inoperable for up to a week. The problem was determined to be an incorrect hexadecimal number conversion routine. When the device was to tick over to 2010, it skipped six years to 2016, causing terminals to decline customers' cards as expired.
Transportation
By some accounts Toyota's electronic throttle control system (ETCS) had bugs that could cause sudden unintended acceleration.
The Boeing 787 Dreamliner experienced an integer overflow bug which could shut down all electrical generators if the aircraft was on for more than 248 days. A similar problem was found in the Airbus A350, which needs to be powered down before reaching 149 hours of continuous power-on time; otherwise certain avionics systems or functions would partially or completely fail.
In early 2019, the transportation-rental firm Lime discovered a firmware bug with its electric scooters that can cause them to brake very hard unexpectedly, which may hurl and injure riders.
Boeing 737 NG had all cockpit displays go blank if a specific type of instrument approach to any one of seven specific airports was selected in the flight management computer.
Bombardier CRJ-200 equipped with flight management systems by Collins Aerospace would make wrong turns during missed approach procedures executed by the autopilot in some specific cases when temperature compensation was activated in cold weather.
Video gaming
Eve Online's deployment of the Trinity patch erased the boot.ini file from several thousand users' computers, rendering them unable to boot. This was due to the usage of a legacy system within the game that was also named boot.ini. As such, the deletion had targeted the wrong directory instead of the /eve directory.
The Corrupted Blood incident was a software bug in World of Warcraft that caused a deadly, debuff-inducing virtual disease that could only be contracted during a particular raid to be set free into the rest of the game world, leading to numerous, repeated deaths of many player characters. This caused players to avoid crowded places in-game, just like in a "real world" epidemic, and the bug became the center of some academic research on the spread of infectious diseases.
On June 6, 2006, the online game RuneScape suffered from a bug that enabled certain player characters to kill and loot other characters, who were unable to fight back against the affected characters because the game still thought they were in player-versus-player mode even after they were kicked out of a combat ring from the house of a player who was suffering from lag while celebrating an in-game accomplishment. Players who were killed by the glitched characters lost many items, and the bug was so devastating that the players who were abusing it were soon tracked down, caught and banned permanently from the game, but not before they had laid waste to the region of Falador, thus christening the bug "Falador Massacre".
In the 256th level of Pac-Man, a bug results in a kill screen. The maximum number of fruit available is seven and when that number rolls over, it causes the entire right side of the screen to become a jumbled mess of symbols while the left side remains normal.
Upon initial release, the ZX Spectrum game Jet Set Willy was impossible to complete because of a severe bug that corrupted the game data, causing enemies and the player character to be killed in certain rooms of the large mansion where the entire game takes place. The bug, known as "The Attic Bug", would occur when the player entered the mansion's attic, which would then cause an arrow to travel offscreen, overwriting the contents of memory and altering crucial variables and behavior in an undesirable way. The game's developers initially excused this bug by claiming that the affected rooms were death traps, but ultimately owned up to it and issued instructions to players on how to fix the game itself.
One of the free demo discs issued to PlayStation Underground subscribers in the United States contained a serious bug, particularly in the demo for Viewtiful Joe 2, that would not only crash the PlayStation 2, but would also unformat any memory cards that were plugged into that console, erasing any and all saved data onto them. The bug was so severe that Sony had to apologize for it and send out free copies of other PS2 games to affected players as consolation.
Due to a severe programming error, much of the Nintendo DS game Bubble Bobble Revolution is unplayable because a mandatory boss fight failed to trigger in the 30th level.
An update for the Xbox 360 version of Guitar Hero II, which was intended to fix some issues with the whammy bar on that game's guitar controllers, came with a bug that caused some consoles to freeze, or even stop working altogether, producing the infamous "red ring of death".
Valve's Steam client for Linux could accidentally delete all the user's files in every directory on the computer. This happened to users that had moved Steam's installation directory. The bug is the result of unsafe shell script programming. The first line of the script tries to find the script's containing directory. This could fail, for example, if the directory was moved while the script was running, invalidating the "selfpath" variable $0. It would also fail if $0 contained no slash character, or contained a broken symlink, perhaps mistyped by the user. Because of the && conditional, and because set -e was not in effect to cause termination on failure, the way it would fail was to produce the empty string. This failure mode was not checked, only commented as "Scary!". Finally, in the deletion command, the slash character takes on a very different meaning from its role as path concatenation operator when the string before it is empty, as it then names the root directory.
Minus World is an infamous glitch level from the 1985 game Super Mario Bros., accessed by using a bug to clip through walls in level 1–2 to reach its "warp zone", which leads to the said level. As this level is endless, triggering the bug that takes the player there will make the game impossible to continue until the player resets the game or runs out of lives.
"MissingNo." is a glitch Pokémon species present in Pokémon Red and Blue, which can be encountered by performing a particular sequence of seemingly unrelated actions. Capturing this Pokémon may corrupt the game's data, according to Nintendo and some of the players who successfully attempted this glitch. This is one of the most famous bugs in video game history, and continues to be well-known.
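The failure mode described in the Steam client entry above, reproduced as an added example that is not part of the original page and is not Valve's script: the unsafe root lookup collapses to the empty string, so the cleanup prefix becomes "/", while a fail-closed lookup refuses to continue. All function names and paths are hypothetical, and the cleanup is a dry run that only prints its target.

```shell
#!/bin/sh
# Constructed demo; names are hypothetical and no user files are touched.

# Unsafe pattern: when cd fails, && skips the echo, so the result is "".
# (|| true only keeps the demo alive if the caller uses set -e.)
resolve_root_unsafe() {
    ( cd "${1%/*}" 2>/dev/null && echo "$PWD" ) || true
}

# What a cleanup step would pass to rm -rf as "$root/"* (before globbing).
deletion_prefix() {
    printf '%s/\n' "$1"
}

# Hardened: fail closed unless the root is an absolute path other than "/".
resolve_root_safe() {
    root=$(CDPATH= cd -- "$(dirname -- "$1")" 2>/dev/null && pwd -P) || return 1
    case $root in
        ''|/|[!/]*) return 1 ;;
    esac
    printf '%s\n' "$root"
}

# Dry run: reports the target instead of deleting it.
guarded_cleanup() {
    root=$(resolve_root_safe "$1") || {
        echo "refusing cleanup: cannot resolve root of '$1'" >&2
        return 1
    }
    echo "would remove contents of ${root:?}/"
}

demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/install"
    script="$tmp/install/launcher.sh"      # constructed path, file need not exist
    echo "before move: $(deletion_prefix "$(resolve_root_unsafe "$script")")"
    mv "$tmp/install" "$tmp/moved"         # directory moved while "running"
    echo "after move:  $(deletion_prefix "$(resolve_root_unsafe "$script")")"
    guarded_cleanup "$script" || echo "hardened version stopped"
    rm -rf -- "${tmp:?}"                   # removes only the demo's temp dir
}
demo
```

The `${root:?}` expansion in the guarded path is a second line of defence: the shell aborts the command if the variable is ever empty or unset at the point of use.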
See also
London Ambulance Service § Innovation
External links
Forum on Risks to the Public in Computers and Related Systems