SFP Secondary Cluster: Incorrect Input Handling

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Incorrect Input Handling cluster.

Weaknesses

Failure to Handle Incomplete Element

The software does not properly handle when a particular element is not completely specified.

Failure to Handle Missing Parameter

If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments c...

Improper Handling of Extra Parameters

The software does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.

Improper Handling of Extra Values

The software does not handle or incorrectly handles when more values are provided than expected.

Improper Handling of Incomplete Structural Elements

The software does not handle or incorrectly handles when a particular structural element is not completely specified.

Improper Handling of Inconsistent Structural Elements

The software does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.

Improper Handling of Missing Values

The software does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blan...

Improper Handling of Parameters

The software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

Improper Handling of Structural Elements

The software does not handle or incorrectly handles inputs that are related to complex structures.

Improper Handling of Syntactically Invalid Structure

The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.

Improper Handling of Undefined Parameters

The software does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.

Improper Handling of Undefined Values

The software does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.

Improper Handling of Unexpected Data Type

The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).

Improper Handling of Values

The software does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.

Improper Validation of Integrity Check Value

The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been...

Insufficient Type Distinction

The software does not properly distinguish between different types of elements in a way that leads to insecure behavior.

Use of Incorrect Byte Ordering

The software receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causin...

Concepts

Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.