This category identifies Software Fault Patterns (SFPs) within the Incorrect Input Handling cluster.

| ID | Name | Description |
|---|---|---|
| CWE-198 | Use of Incorrect Byte Ordering | The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used. |
| CWE-228 | Improper Handling of Syntactically Invalid Structure | The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification. |
| CWE-229 | Improper Handling of Values | The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined. |
| CWE-230 | Improper Handling of Missing Values | The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null. |
| CWE-231 | Improper Handling of Extra Values | The product does not handle or incorrectly handles when more values are provided than expected. |
| CWE-232 | Improper Handling of Undefined Values | The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name. |
| CWE-233 | Improper Handling of Parameters | The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined. |
| CWE-234 | Failure to Handle Missing Parameter | If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well. |
| CWE-235 | Improper Handling of Extra Parameters | The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount. |
| CWE-236 | Improper Handling of Undefined Parameters | The product does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product. |
| CWE-237 | Improper Handling of Structural Elements | The product does not handle or incorrectly handles inputs that are related to complex structures. |
| CWE-238 | Improper Handling of Incomplete Structural Elements | The product does not handle or incorrectly handles when a particular structural element is not completely specified. |
| CWE-239 | Failure to Handle Incomplete Element | The product does not properly handle when a particular element is not completely specified. |
| CWE-240 | Improper Handling of Inconsistent Structural Elements | The product does not handle or incorrectly handles when two or more structural elements should be consistent, but are not. |
| CWE-241 | Improper Handling of Unexpected Data Type | The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z). |
| CWE-351 | Insufficient Type Distinction | The product does not properly distinguish between different types of elements in a way that leads to insecure behavior. |
| CWE-354 | Improper Validation of Integrity Check Value | The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |