SFP Secondary Cluster: Incorrect Input Handling
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Incorrect Input Handling cluster.
Weaknesses
The product does not properly handle when a particular element is not completely specified.
If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments c...
The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.
The product does not handle or incorrectly handles when more values are provided than expected.
The product does not handle or incorrectly handles when a particular structural element is not completely specified.
The product does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.
The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank...
The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.
The product does not handle or incorrectly handles inputs that are related to complex structures.
The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
The product does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.
The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.
The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).
The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been ...
The product does not properly distinguish between different types of elements in a way that leads to insecure behavior.
The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing...
Concepts
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.