CWE-1288 - Improper Validation of Consistency within Input

Read Time:31 Second

Description

The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-20

Consequences

Other: Varies by Context

Potential Mitigations

Phase: Implementation

Effectiveness: High

Description:

CVE References

CVE-2018-16733
- product does not validate that the start block appears before the end block

CVE-2006-3790
- size field that is inconsistent with packet size leads to buffer over-read

CVE-2008-4114
- system crash with offset value that is inconsistent with packet size

InCVE-2018-16733, CWE- 1288, Improper Validation of Consistency within Input

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java...

rocco

February 19, 2023February 19, 2023

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access...

rocco

February 19, 2023February 19, 2023

CWE-669 – Incorrect Resource Transfer Between Spheres

Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...

rocco

May 26, 2022