CWE-1288 – Improper Validation of Consistency within Input

Read Time:31 Second

Description

The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-20

 

Consequences

Other: Varies by Context

 

Potential Mitigations

Phase: Implementation

Effectiveness: High

Description: 

CVE References

  • CVE-2018-16733
    • product does not validate that the start block appears before the end block
  • CVE-2006-3790
    • size field that is inconsistent with packet size leads to buffer over-read
  • CVE-2008-4114
    • system crash with offset value that is inconsistent with packet size